Path traversal

2008-03-1217:44:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

JSON

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

CPENameOperatorVersion
opencmseq7.0.4
opencmseq7.0.3

CPE	Name	Operator	Version
	opencms	eq	7.0.4
	opencms	eq	7.0.3

References

secunia.com/advisories/29278

securityreason.com/securityalert/3731

www.securityfocus.com/archive/1/489291/100/0/threaded

www.securityfocus.com/bid/28152

exchange.xforce.ibmcloud.com/vulnerabilities/41096