Lucene search

[email protected]NVD:CVE-2012-6064

HistoryDec 03, 2012 - 9:55 p.m.

CVE-2012-6064

2012-12-0321:55:03

CWE-22

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a … (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleRange≤1.11.2

cmsmadesimplecms_made_simpleMatch0.1

cmsmadesimplecms_made_simpleMatch0.2

cmsmadesimplecms_made_simpleMatch0.2.1

cmsmadesimplecms_made_simpleMatch0.3

cmsmadesimplecms_made_simpleMatch0.3.1

cmsmadesimplecms_made_simpleMatch0.3.2

cmsmadesimplecms_made_simpleMatch0.4

cmsmadesimplecms_made_simpleMatch0.4.1

cmsmadesimplecms_made_simpleMatch0.5

cmsmadesimplecms_made_simpleMatch0.5.1

cmsmadesimplecms_made_simpleMatch0.6

cmsmadesimplecms_made_simpleMatch0.6.1

cmsmadesimplecms_made_simpleMatch0.6.2

cmsmadesimplecms_made_simpleMatch0.6.3

cmsmadesimplecms_made_simpleMatch0.7

cmsmadesimplecms_made_simpleMatch0.7.1

cmsmadesimplecms_made_simpleMatch0.7.2

cmsmadesimplecms_made_simpleMatch0.7.3

cmsmadesimplecms_made_simpleMatch0.8

cmsmadesimplecms_made_simpleMatch0.8.1

cmsmadesimplecms_made_simpleMatch0.8.2

cmsmadesimplecms_made_simpleMatch0.9

cmsmadesimplecms_made_simpleMatch0.9.1

cmsmadesimplecms_made_simpleMatch0.9.2

cmsmadesimplecms_made_simpleMatch0.10

cmsmadesimplecms_made_simpleMatch0.10.1

cmsmadesimplecms_made_simpleMatch0.10.2

cmsmadesimplecms_made_simpleMatch0.10.3

cmsmadesimplecms_made_simpleMatch0.10.4

cmsmadesimplecms_made_simpleMatch0.11

cmsmadesimplecms_made_simpleMatch0.11.1

cmsmadesimplecms_made_simpleMatch0.11.2

cmsmadesimplecms_made_simpleMatch0.12

cmsmadesimplecms_made_simpleMatch0.12.1

cmsmadesimplecms_made_simpleMatch0.12.2

cmsmadesimplecms_made_simpleMatch0.13

cmsmadesimplecms_made_simpleMatch1.0

cmsmadesimplecms_made_simpleMatch1.0.1

cmsmadesimplecms_made_simpleMatch1.0.2

cmsmadesimplecms_made_simpleMatch1.0.3

cmsmadesimplecms_made_simpleMatch1.0.4

cmsmadesimplecms_made_simpleMatch1.0.5

cmsmadesimplecms_made_simpleMatch1.0.6

cmsmadesimplecms_made_simpleMatch1.1

cmsmadesimplecms_made_simpleMatch1.1.1

cmsmadesimplecms_made_simpleMatch1.1.2

cmsmadesimplecms_made_simpleMatch1.1.3

cmsmadesimplecms_made_simpleMatch1.1.3.1

cmsmadesimplecms_made_simpleMatch1.1.4

cmsmadesimplecms_made_simpleMatch1.2

cmsmadesimplecms_made_simpleMatch1.2.1

cmsmadesimplecms_made_simpleMatch1.2.2

cmsmadesimplecms_made_simpleMatch1.2.3

cmsmadesimplecms_made_simpleMatch1.2.4

cmsmadesimplecms_made_simpleMatch1.2.5

cmsmadesimplecms_made_simpleMatch1.3

cmsmadesimplecms_made_simpleMatch1.3beta1

cmsmadesimplecms_made_simpleMatch1.3beta2

cmsmadesimplecms_made_simpleMatch1.4

cmsmadesimplecms_made_simpleMatch1.4.1

cmsmadesimplecms_made_simpleMatch1.5

cmsmadesimplecms_made_simpleMatch1.5.1

cmsmadesimplecms_made_simpleMatch1.5.2

cmsmadesimplecms_made_simpleMatch1.5.3

cmsmadesimplecms_made_simpleMatch1.5.4

cmsmadesimplecms_made_simpleMatch1.6

cmsmadesimplecms_made_simpleMatch1.6.1

cmsmadesimplecms_made_simpleMatch1.6.2

cmsmadesimplecms_made_simpleMatch1.6.3

cmsmadesimplecms_made_simpleMatch1.6.4

cmsmadesimplecms_made_simpleMatch1.6.5

cmsmadesimplecms_made_simpleMatch1.6.6

cmsmadesimplecms_made_simpleMatch1.6.7

cmsmadesimplecms_made_simpleMatch1.7

cmsmadesimplecms_made_simpleMatch1.7.1

cmsmadesimplecms_made_simpleMatch1.8

cmsmadesimplecms_made_simpleMatch1.8.1

cmsmadesimplecms_made_simpleMatch1.8.2

cmsmadesimplecms_made_simpleMatch1.9

cmsmadesimplecms_made_simpleMatch1.9.1

cmsmadesimplecms_made_simpleMatch1.9.2

cmsmadesimplecms_made_simpleMatch1.9.3

cmsmadesimplecms_made_simpleMatch1.9.4

cmsmadesimplecms_made_simpleMatch1.9.4.1

cmsmadesimplecms_made_simpleMatch1.9.4.2

References

archives.neohapsis.com/archives/bugtraq/2012-11/0035.html

forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html

secunia.com/advisories/51185

viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498

exchange.xforce.ibmcloud.com/vulnerabilities/79881

www.htbridge.com/advisory/HTB23121