CVE-2010-1951

Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php.

Published : 2010-05-19 12:07 Updated : 2018-10-10 19:58

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
60cycle 60cyclecms 2.5.2 cpe:/a:60cycle:60cyclecms:2.5.2
  1. 60cycle (1) Search CVE
    1. 60cyclecms (1) Search CVE
      1. 2.5.2

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE