Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4810

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4810
Last Modified 10 Feb 2012 12:00:00
Published 13 Dec 2011 07:55:19
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4810

Summary

Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.

Vulnerable Systems

Application

  • Whmcs Whmcompletesolution 3.0.0

  • Whmcs Whmcompletesolution 4.0.0

  • Whmcs Whmcompletesolution 4.0.1

  • Whmcs Whmcompletesolution 4.0.2

  • Whmcs Whmcompletesolution 4.1.0

  • Whmcs Whmcompletesolution 4.1.1

  • Whmcs Whmcompletesolution 4.1.2

  • Whmcs Whmcompletesolution 4.2.0

  • Whmcs Whmcompletesolution 4.2.1

  • Whmcs Whmcompletesolution 4.3.0

  • Whmcs Whmcompletesolution 4.3.1

  • Whmcs Whmcompletesolution 4.4.0

  • Whmcs Whmcompletesolution 4.4.1

  • Whmcs Whmcompletesolution 4.4.2

  • Whmcs Whmcompletesolution 4.5.0

  • Whmcs Whmcompletesolution 4.5.1

  • Whmcs Whmcompletesolution 4.5.2


References

EXPLOIT-DB - 18088


Last Updated: 27 May 2016 10:57:54