CVE-2012-0996

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.

Published : 2012-02-24 13:55 Updated : 2012-02-24 05:00

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
11in1 11in1 1.2.1 cpe:/a:11in1:11in1:1.2.1:stable_12-31-2011
  1. 11in1 (1) Search CVE
    1. 11in1 (1) Search CVE
      1. 1.2.1

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

Reference

History of changes

Date Event
2012-02-24 13:55

New CVE