7.5
CVE-2010-2797
- EPSS 0.38%
- Veröffentlicht 08.10.2010 21:00:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cmsmadesimple ≫ Cms Made Simple Version <= 1.6.8
Cmsmadesimple ≫ Cms Made Simple Version1.0
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta1
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta2
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta3
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta4
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta5
Cmsmadesimple ≫ Cms Made Simple Version1.0 Updatebeta6
Cmsmadesimple ≫ Cms Made Simple Version1.0.1
Cmsmadesimple ≫ Cms Made Simple Version1.0.2
Cmsmadesimple ≫ Cms Made Simple Version1.0.3
Cmsmadesimple ≫ Cms Made Simple Version1.0.4
Cmsmadesimple ≫ Cms Made Simple Version1.0.5
Cmsmadesimple ≫ Cms Made Simple Version1.0.6
Cmsmadesimple ≫ Cms Made Simple Version1.0.7
Cmsmadesimple ≫ Cms Made Simple Version1.0.8
Cmsmadesimple ≫ Cms Made Simple Version1.1
Cmsmadesimple ≫ Cms Made Simple Version1.1 Updaterc1
Cmsmadesimple ≫ Cms Made Simple Version1.1 Updaterc2
Cmsmadesimple ≫ Cms Made Simple Version1.1 Updaterc3
Cmsmadesimple ≫ Cms Made Simple Version1.1.1
Cmsmadesimple ≫ Cms Made Simple Version1.1.2
Cmsmadesimple ≫ Cms Made Simple Version1.1.3.1
Cmsmadesimple ≫ Cms Made Simple Version1.1.4.1
Cmsmadesimple ≫ Cms Made Simple Version1.2
Cmsmadesimple ≫ Cms Made Simple Version1.2 Updatebeta1
Cmsmadesimple ≫ Cms Made Simple Version1.2 Updatebeta2
Cmsmadesimple ≫ Cms Made Simple Version1.2 Updatebeta3
Cmsmadesimple ≫ Cms Made Simple Version1.2 Updaterc1
Cmsmadesimple ≫ Cms Made Simple Version1.2.1
Cmsmadesimple ≫ Cms Made Simple Version1.2.2
Cmsmadesimple ≫ Cms Made Simple Version1.2.3
Cmsmadesimple ≫ Cms Made Simple Version1.2.4
Cmsmadesimple ≫ Cms Made Simple Version1.2.5
Cmsmadesimple ≫ Cms Made Simple Version1.3
Cmsmadesimple ≫ Cms Made Simple Version1.3 Updatebeta1
Cmsmadesimple ≫ Cms Made Simple Version1.3 Updatebeta2
Cmsmadesimple ≫ Cms Made Simple Version1.3.1
Cmsmadesimple ≫ Cms Made Simple Version1.4
Cmsmadesimple ≫ Cms Made Simple Version1.4 Updatebeta1
Cmsmadesimple ≫ Cms Made Simple Version1.4 Updatebeta2
Cmsmadesimple ≫ Cms Made Simple Version1.4.1
Cmsmadesimple ≫ Cms Made Simple Version1.5
Cmsmadesimple ≫ Cms Made Simple Version1.5 Updatebeta1
Cmsmadesimple ≫ Cms Made Simple Version1.5.1
Cmsmadesimple ≫ Cms Made Simple Version1.5.2
Cmsmadesimple ≫ Cms Made Simple Version1.5.3
Cmsmadesimple ≫ Cms Made Simple Version1.5.4
Cmsmadesimple ≫ Cms Made Simple Version1.6
Cmsmadesimple ≫ Cms Made Simple Version1.6.1
Cmsmadesimple ≫ Cms Made Simple Version1.6.2
Cmsmadesimple ≫ Cms Made Simple Version1.6.3
Cmsmadesimple ≫ Cms Made Simple Version1.6.4
Cmsmadesimple ≫ Cms Made Simple Version1.6.5
Cmsmadesimple ≫ Cms Made Simple Version1.6.6
Cmsmadesimple ≫ Cms Made Simple Version1.6.7
Cmsmadesimple ≫ Cms Made Simple Version1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.563 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.