Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2227
Last Modified 30 Oct 2012 12:04:06
Published 26 Aug 2012 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2227

Summary

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.

Vulnerable Systems

Application

  • PluXml 5.1.5


References

MISC - https://www.htbridge.com/advisory/HTB23086

XF - pluxml-index-file-include(75330)

BID - 53348

CONFIRM - http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6

EXPLOIT-DB - 18828

CONFIRM - http://telechargements.pluxml.org/changelog

SECUNIA - 49026

BUGTRAQ - 20120502 Local File Inclusion in PluXml

OSVDB - 81638


Last Updated: 27 May 2016 11:00:18