CVSS: 5.0EPSS: 6%CPEs: 8EXPL: 2CVE-2013-5979 – Xibo 1.2.2/1.4.1 - 'index.php?p' Directory Traversal
https://notcve.org/view.php?id=CVE-2013-5979
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. Vulnerabilidad de salto de directorio en Spring Signage Xibo v1.2.x anterior a v1.2.3 y v1.4.x anterior a v1.4.2 permite a atacantes remotos leer ficheros arbitrarios a través de un (punto punto) en el parámetro al index.php. • https://www.exploit-db.com/exploits/26955 http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-%28DS-2013-00 https://bugs.launchpad.net/xibo/+bug/1093967 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •