Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-5984

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2013-5984
Last Modified 13 May 2014 09:21:30
Published 12 May 2014 10:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-5984

Summary

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.

Vulnerable Systems

Application

  • Microweber 0.8


References

CONFIRM - https://github.com/microweber/microweber/commit/9177d134960c24cb642d5cf3b42a1fba286219cc

MISC - https://www.htbridge.com/advisory/HTB23175

MISC - http://packetstormsecurity.com/files/123652/Microweber-0.8-Arbitrary-File-Deletion.html


Last Updated: 27 May 2016 11:05:13