Directory traversal

2014-05-1419:55:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a … (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.

CPENameOperatorVersion
openxeq2.8.3
openxeq2.6.5
openxle2.8.10
openxeq2.8.5
openxeq2.6.2
openxeq2.6.0
openxeq2.4.9
openxeq2.4.4
openxeq2.8.8
openxeq2.4.11