2 results (0.002 seconds)

CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 6

Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. Vulnerabilidad de directorio transversal en Open-Realty CMS v2.5.8 y anteriores permite a atacantes remotos incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro select_users_template a index.php. • https://www.exploit-db.com/exploits/36910 http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html http://www.openwall.com/lists/oss-security/2012/03/05/14 http://www.openwall.com/lists/oss-security/2012/03/05/23 http://www.securityfocus.com/bid/52296 http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi https://exchange.xforce.ibmcloud.com/vulnerabilities/73736 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. index.php en el Open-Realty 2.3.4 permite a atacantes remotos la obtención de información sensible (la ruta completa) a través del parámetro no válido listingID en la acción listingview. • http://www.securityfocus.com/archive/1/457676/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/31657 •