Directory traversal

2008-09-0418:41:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.3%

JSON

Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a … (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a … (dot dot) in the env parameter in a login action to admin.php.

CPENameOperatorVersion
cmmeeq1.12

CPE	Name	Operator	Version
	cmme	eq	1.12

References

secunia.com/advisories/31599

securityreason.com/securityalert/4220

www.securityfocus.com/bid/30854

exchange.xforce.ibmcloud.com/vulnerabilities/44683

exchange.xforce.ibmcloud.com/vulnerabilities/44687

www.exploit-db.com/exploits/6313