Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-1226
Last Modified: 20 Mar 2012 11:53:59
Published: 21 Feb 2012 08:31:47
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1226

Summary

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Vulnerable Systems

Application

  • Dolibarr 3.2.0


References

XF - dolibarr-multiple-file-include(73136)

MISC - http://www.vulnerability-lab.com/get_content.php?id=428

BUGTRAQ - 20120210 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities

CONFIRM - https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417

CONFIRM - https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2

EXPLOIT-DB - 18480

BUGTRAQ - 20120227 Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities


Last Updated: 27 May 2016 10:58:18