Lucene search
HistorySep 30, 2013 - 10:55 p.m.
CVE-2013-5692
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.005
Percentile
76.7%
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a … (dot dot) in the file parameter to index.php/admin/translationManager.
Affected configurations
Node
x2enginex2crmRange≤3.4.1
ORx2enginex2crmMatch1.0
ORx2enginex2crmMatch1.0.1
ORx2enginex2crmMatch1.1.0
ORx2enginex2crmMatch1.2.0
ORx2enginex2crmMatch1.2.1
ORx2enginex2crmMatch1.2.2
ORx2enginex2crmMatch1.3
ORx2enginex2crmMatch1.3.1
ORx2enginex2crmMatch2.2
ORx2enginex2crmMatch2.2.1
ORx2enginex2crmMatch2.5
ORx2enginex2crmMatch2.5.2
ORx2enginex2crmMatch2.7
ORx2enginex2crmMatch2.7.1
ORx2enginex2crmMatch2.7.2
ORx2enginex2crmMatch2.8
ORx2enginex2crmMatch2.8.1
ORx2enginex2crmMatch2.9
ORx2enginex2crmMatch2.9.1
ORx2enginex2crmMatch3.0
ORx2enginex2crmMatch3.0.1
ORx2enginex2crmMatch3.0.2
ORx2enginex2crmMatch3.1
ORx2enginex2crmMatch3.1.1
ORx2enginex2crmMatch3.1.2
ORx2enginex2crmMatch3.2
ORx2enginex2crmMatch3.3
ORx2enginex2crmMatch3.3.1
ORx2enginex2crmMatch3.3.2
ORx2enginex2crmMatch3.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| x2engine | x2crm | * | cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.0 | cpe:2.3:a:x2engine:x2crm:1.0:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.0.1 | cpe:2.3:a:x2engine:x2crm:1.0.1:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.1.0 | cpe:2.3:a:x2engine:x2crm:1.1.0:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.2.0 | cpe:2.3:a:x2engine:x2crm:1.2.0:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.2.1 | cpe:2.3:a:x2engine:x2crm:1.2.1:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.2.2 | cpe:2.3:a:x2engine:x2crm:1.2.2:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.3 | cpe:2.3:a:x2engine:x2crm:1.3:*:*:*:*:*:*:* |
| x2engine | x2crm | 1.3.1 | cpe:2.3:a:x2engine:x2crm:1.3.1:*:*:*:*:*:*:* |
| x2engine | x2crm | 2.2 | cpe:2.3:a:x2engine:x2crm:2.2:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-5692
2013-09-30 20:00:00
prion
prion
Directory traversal
2013-09-30 22:55:00
cve
cve
CVE-2013-5692
2013-09-30 22:55:04
nessus
nessus
X2Engine < 3.5.1 Multiple Vulnerabilities
2015-02-25 00:00:00
exploitdb
exploitdb
X2CRM 3.4.1 - Multiple Vulnerabilities
2013-09-25 00:00:00
exploitpack
exploitpack
X2CRM 3.4.1 - Multiple Vulnerabilities
2013-09-25 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in X2CRM
2013-09-04 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in X2CRM
2013-10-02 00:00:00
packetstorm
packetstorm
X2CRM 3.4.1 Cross Site Scripting / Local File Inclusion
2013-09-25 00:00:00
seebug
seebug
X2CRM 3.4.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
zdt
zdt
X2CRM 3.4.1 - Multiple Vulnerabilities
2013-09-25 00:00:00
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.005
Percentile
76.7%
Related for NVD:CVE-2013-5692