2 matches found
Directory traversal
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. dot dot in the v parameter...
CVE-2012-2919
CVE-2012-2919 affects Chevereto 1.9.1 and is a directory traversal vulnerability in Upload/engine.php. The underlying issue is how the v parameter allows a leading dot-dot (..), enabling remote attackers to determine the existence of arbitrary files. Base CVSS v2 score is 5.0 (Medium) with networ...