Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2014-9261
Last Modified 24 Mar 2015 10:45:11
Published 23 Mar 2015 12:59:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9261

Summary

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.

Vulnerable Systems

Application

  • Codoforum 2.5.1


References

CONFIRM - https://codoforum.com/documentation/roadmap

EXPLOIT-DB - 36320

MISC - http://security.szurek.pl/codoforum-251-arbitrary-file-download.html

MISC - http://packetstormsecurity.com/files/130739/Codoforum-2.5.1-Arbitrary-File-Download.html

OSVDB - 119412


Last Updated: 27 May 2016 11:08:11