4.3
CVE-2011-4696
- EPSS 0.09%
- Veröffentlicht 03.03.2014 16:55:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eye ≫ Eye-fi Helper Version <= 3.3.0
Eye ≫ Eye-fi Helper Version2.0.3.0
Eye ≫ Eye-fi Helper Version2.0.4.0
Eye ≫ Eye-fi Helper Version2.5.1.0
Eye ≫ Eye-fi Helper Version2.5.4.0
Eye ≫ Eye-fi Helper Version2.5.5.0
Eye ≫ Eye-fi Helper Version2.5.26.0
Eye ≫ Eye-fi Helper Version2.5.27.0
Eye ≫ Eye-fi Helper Version2.6.0.0
Eye ≫ Eye-fi Helper Version2.6.9.0
Eye ≫ Eye-fi Helper Version2.6.12.0
Eye ≫ Eye-fi Helper Version3.1.2
Eye ≫ Eye-fi Helper Version3.1.9
Eye ≫ Eye-fi Helper Version3.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.245 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 5.5 | 4.9 |
AV:A/AC:M/Au:N/C:N/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.