Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1790

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1790
Last Modified 27 Mar 2012 12:00:00
Published 19 Mar 2012 02:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1790

Summary

Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.

Vulnerable Systems

Application

  • Joakim Nygard Webgrind 1.0

  • Joakim Nygard Webgrind 1.0.2


References

XF - webgrind-index-file-include(73509)

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5075.php

EXPLOIT-DB - 18523

MISC - http://packetstormsecurity.org/files/110216

MISC - http://code.google.com/p/webgrind/issues/detail?id=66


Last Updated: 27 May 2016 10:57:30