CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 6CVE-2012-1112 – Open Realty 2.5.x - 'select_users_template' Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-1112
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. Vulnerabilidad de directorio transversal en Open-Realty CMS v2.5.8 y anteriores permite a atacantes remotos incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro select_users_template a index.php. • https://www.exploit-db.com/exploits/36910 http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html http://www.openwall.com/lists/oss-security/2012/03/05/14 http://www.openwall.com/lists/oss-security/2012/03/05/23 http://www.securityfocus.com/bid/52296 http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi https://exchange.xforce.ibmcloud.com/vulnerabilities/73736 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3765
https://notcve.org/view.php?id=CVE-2011-3765
Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files. Open-Realty v2.5.8 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con install/versions/upgrade_115.inc.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8 http://www.openwall.com/lists/oss-security/2011/06/27/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/70607 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •