Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2208
Last Modified 18 Dec 2012 11:52:55
Published 14 Aug 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2208

Summary

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

Vulnerable Systems

Application

  • Piwigo 2.3.3


References

MISC - https://www.htbridge.com/advisory/HTB23085

BID - 53245

EXPLOIT-DB - 18782

SECUNIA - 48903

CONFIRM - http://piwigo.org/releases/2.3.4

CONFIRM - http://piwigo.org/forum/viewtopic.php?id=19173

CONFIRM - http://piwigo.org/bugs/view.php?id=2607

BUGTRAQ - 20120425 Multiple vulnerabilities in Piwigo

XF - piwigo-language-directory-traversal(75185)


Last Updated: 27 May 2016 10:51:40