Directory traversal

2007-12-2722:46:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

87.8%

JSON

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a … (dot dot) and modified filename in the movie parameter.

CPENameOperatorVersion
tikiwiki_cms\\/groupwareeq1.9.4
tikiwiki_cms\\/groupwarele1.9.8
tikiwiki_cms\\/groupwareeq1.9.0 rc2
tikiwiki_cms\\/groupwareeq1.9.3
tikiwiki_cms\\/groupwareeq1.9.0
tikiwiki_cms\\/groupwareeq1.6.1
tikiwiki_cms\\/groupwareeq1.9.5
tikiwiki_cms\\/groupwareeq1.9.0 rc1
tikiwiki_cms\\/groupwareeq1.9.0 rc3
tikiwiki_cms\\/groupwareeq1.9.6

Name	Operator	Version
tikiwiki_cms\\/groupware	eq	1.9.4
tikiwiki_cms\\/groupware	le	1.9.8
tikiwiki_cms\\/groupware	eq	1.9.0 rc2
tikiwiki_cms\\/groupware	eq	1.9.3
tikiwiki_cms\\/groupware	eq	1.9.0
tikiwiki_cms\\/groupware	eq	1.6.1
tikiwiki_cms\\/groupware	eq	1.9.5
tikiwiki_cms\\/groupware	eq	1.9.0 rc1
tikiwiki_cms\\/groupware	eq	1.9.0 rc3
tikiwiki_cms\\/groupware	eq	1.9.6