Directory traversal

2006-05-1002:14:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.9%

JSON

Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a … (dot dot) in the template parameter.

CPENameOperatorVersion
openengineeq1.8.0-beta2
openengineeq1.7.1

CPE	Name	Operator	Version
	openengine	eq	1.8.0-beta2
	openengine	eq	1.7.1

References

secunia.com/advisories/20047

www.osvdb.org/25359

www.securityfocus.com/archive/1/433229/100/0/threaded

www.securityfocus.com/bid/17871

www.vupen.com/english/advisories/2006/1728

exchange.xforce.ibmcloud.com/vulnerabilities/26345