Directory traversal

2010-12-0713:53:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.064 Low

EPSS

Percentile

93.5%

JSON

Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the p parameter to index.php.

CPENameOperatorVersion
pulse_cmseq1.2.1 basic
pulse_cmseq1.2.5 basic
pulse_cmseq1.0 basic
pulse_cmseq1.2.6 basic
pulse_cmseq1.18 basic
pulse_cmseq1.2 basic
pulse_cmseq1.2.4 basic
pulse_cmseq1.2.3 basic
pulse_cmseq1.2.2 basic
pulse_cmseq1.15 basic

Name	Operator	Version
pulse_cms	eq	1.2.1 basic
pulse_cms	eq	1.2.5 basic
pulse_cms	eq	1.0 basic
pulse_cms	eq	1.2.6 basic
pulse_cms	eq	1.18 basic
pulse_cms	eq	1.2 basic
pulse_cms	eq	1.2.4 basic
pulse_cms	eq	1.2.3 basic
pulse_cms	eq	1.2.2 basic
pulse_cms	eq	1.15 basic