CVE-2014-3225 – Cobbler 2.4.x < 2.6.x - Local File Inclusion

https://notcve.org/view.php?id=CVE-2014-3225

13 May 2014 — Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Vulnerabilidad de recorrido de directorio absoluto en la interfaz web en Cobbler 2.4.x hasta 2.6.x permite a usuarios remotos autenticados leer archivos arbitrarios a través del campo Kickstart en un perfil. It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. A... • https://packetstorm.news/files/id/126607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •