6.5

CVE-2012-6038

Exploit
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action.  NOTE: this issue has been referred to as a "path traversal."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RazorcmsRazorcms Version <= 1.2
RazorcmsRazorcms Version0.2
RazorcmsRazorcms Version0.2 Updaterc
RazorcmsRazorcms Version0.2 Updaterc2
RazorcmsRazorcms Version0.3
RazorcmsRazorcms Version0.3 Updatebeta
RazorcmsRazorcms Version0.3 Updatebeta1
RazorcmsRazorcms Version0.3 Updatebeta2
RazorcmsRazorcms Version0.3 Updaterc
RazorcmsRazorcms Version0.3 Updaterc2
RazorcmsRazorcms Version0.4
RazorcmsRazorcms Version1.0
RazorcmsRazorcms Version1.0 Updatebeta
RazorcmsRazorcms Version1.0 Updatebeta2
RazorcmsRazorcms Version1.0 Updaterc
RazorcmsRazorcms Version1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.71% 0.84
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://www.exploit-db.com/exploits/18344
Exploit
http://osvdb.org/78230
http://secunia.com/advisories/47461
Vendor Advisory
http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip
Patch
http://www.securityfocus.com/bid/51344
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/72268