CVE-2012-6064

EPSS 0.9%
Veröffentlicht 03.12.2012 21:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter.  NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cmsmadesimple ≫ Cms Made Simple Version <= 1.11.2

Cmsmadesimple ≫ Cms Made Simple Version0.1

Cmsmadesimple ≫ Cms Made Simple Version0.2

Cmsmadesimple ≫ Cms Made Simple Version0.2.1

Cmsmadesimple ≫ Cms Made Simple Version0.3

Cmsmadesimple ≫ Cms Made Simple Version0.3.1

Cmsmadesimple ≫ Cms Made Simple Version0.3.2

Cmsmadesimple ≫ Cms Made Simple Version0.4

Cmsmadesimple ≫ Cms Made Simple Version0.4.1

Cmsmadesimple ≫ Cms Made Simple Version0.5

Cmsmadesimple ≫ Cms Made Simple Version0.5.1

Cmsmadesimple ≫ Cms Made Simple Version0.6

Cmsmadesimple ≫ Cms Made Simple Version0.6.1

Cmsmadesimple ≫ Cms Made Simple Version0.6.2

Cmsmadesimple ≫ Cms Made Simple Version0.6.3

Cmsmadesimple ≫ Cms Made Simple Version0.7

Cmsmadesimple ≫ Cms Made Simple Version0.7.1

Cmsmadesimple ≫ Cms Made Simple Version0.7.2

Cmsmadesimple ≫ Cms Made Simple Version0.7.3

Cmsmadesimple ≫ Cms Made Simple Version0.8

Cmsmadesimple ≫ Cms Made Simple Version0.8.1

Cmsmadesimple ≫ Cms Made Simple Version0.8.2

Cmsmadesimple ≫ Cms Made Simple Version0.9

Cmsmadesimple ≫ Cms Made Simple Version0.9.1

Cmsmadesimple ≫ Cms Made Simple Version0.9.2

Cmsmadesimple ≫ Cms Made Simple Version0.10

Cmsmadesimple ≫ Cms Made Simple Version0.10.1

Cmsmadesimple ≫ Cms Made Simple Version0.10.2

Cmsmadesimple ≫ Cms Made Simple Version0.10.3

Cmsmadesimple ≫ Cms Made Simple Version0.10.4

Cmsmadesimple ≫ Cms Made Simple Version0.11

Cmsmadesimple ≫ Cms Made Simple Version0.11.1

Cmsmadesimple ≫ Cms Made Simple Version0.11.2

Cmsmadesimple ≫ Cms Made Simple Version0.12

Cmsmadesimple ≫ Cms Made Simple Version0.12.1

Cmsmadesimple ≫ Cms Made Simple Version0.12.2

Cmsmadesimple ≫ Cms Made Simple Version0.13

Cmsmadesimple ≫ Cms Made Simple Version1.0

Cmsmadesimple ≫ Cms Made Simple Version1.0.1

Cmsmadesimple ≫ Cms Made Simple Version1.0.2

Cmsmadesimple ≫ Cms Made Simple Version1.0.3

Cmsmadesimple ≫ Cms Made Simple Version1.0.4

Cmsmadesimple ≫ Cms Made Simple Version1.0.5

Cmsmadesimple ≫ Cms Made Simple Version1.0.6

Cmsmadesimple ≫ Cms Made Simple Version1.1

Cmsmadesimple ≫ Cms Made Simple Version1.1.1

Cmsmadesimple ≫ Cms Made Simple Version1.1.2

Cmsmadesimple ≫ Cms Made Simple Version1.1.3

Cmsmadesimple ≫ Cms Made Simple Version1.1.3.1

Cmsmadesimple ≫ Cms Made Simple Version1.1.4

Cmsmadesimple ≫ Cms Made Simple Version1.2

Cmsmadesimple ≫ Cms Made Simple Version1.2.1

Cmsmadesimple ≫ Cms Made Simple Version1.2.2

Cmsmadesimple ≫ Cms Made Simple Version1.2.3

Cmsmadesimple ≫ Cms Made Simple Version1.2.4

Cmsmadesimple ≫ Cms Made Simple Version1.2.5

Cmsmadesimple ≫ Cms Made Simple Version1.3

Cmsmadesimple ≫ Cms Made Simple Version1.3 Updatebeta1

Cmsmadesimple ≫ Cms Made Simple Version1.3 Updatebeta2

Cmsmadesimple ≫ Cms Made Simple Version1.4

Cmsmadesimple ≫ Cms Made Simple Version1.4.1

Cmsmadesimple ≫ Cms Made Simple Version1.5

Cmsmadesimple ≫ Cms Made Simple Version1.5.1

Cmsmadesimple ≫ Cms Made Simple Version1.5.2

Cmsmadesimple ≫ Cms Made Simple Version1.5.3

Cmsmadesimple ≫ Cms Made Simple Version1.5.4

Cmsmadesimple ≫ Cms Made Simple Version1.6

Cmsmadesimple ≫ Cms Made Simple Version1.6.1

Cmsmadesimple ≫ Cms Made Simple Version1.6.2

Cmsmadesimple ≫ Cms Made Simple Version1.6.3

Cmsmadesimple ≫ Cms Made Simple Version1.6.4

Cmsmadesimple ≫ Cms Made Simple Version1.6.5

Cmsmadesimple ≫ Cms Made Simple Version1.6.6

Cmsmadesimple ≫ Cms Made Simple Version1.6.7

Cmsmadesimple ≫ Cms Made Simple Version1.7

Cmsmadesimple ≫ Cms Made Simple Version1.7.1

Cmsmadesimple ≫ Cms Made Simple Version1.8

Cmsmadesimple ≫ Cms Made Simple Version1.8.1

Cmsmadesimple ≫ Cms Made Simple Version1.8.2

Cmsmadesimple ≫ Cms Made Simple Version1.9

Cmsmadesimple ≫ Cms Made Simple Version1.9.1

Cmsmadesimple ≫ Cms Made Simple Version1.9.2

Cmsmadesimple ≫ Cms Made Simple Version1.9.3

Cmsmadesimple ≫ Cms Made Simple Version1.9.4

Cmsmadesimple ≫ Cms Made Simple Version1.9.4.1

Cmsmadesimple ≫ Cms Made Simple Version1.9.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.736

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html

http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html

http://secunia.com/advisories/51185

http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498

https://exchange.xforce.ibmcloud.com/vulnerabilities/79881

https://www.htbridge.com/advisory/HTB23121

https://nvd.nist.gov/vuln/detail/CVE-2012-6064

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6064

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6064

EUVD