1 results (0.002 seconds)
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3CVE-2014-2846 – WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2014-2846
23 Apr 2014 — Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. Vulnerabilidad de salto de directorio en opt/arkeia/wui/htdocs/index.php en WD Arkeia Virtual Appliance (AVA) con firmware anterior a 10.2.9 permite a atacantes remotos leer a... • https://packetstorm.news/files/id/126286 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •