CVE-2018-1000550
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Sympa Community Sympa versions prior to 6.2.32 contain a directory traversal vulnerability in the wwsympa.fcgi template editing function that can result in the possibility to create or modify files on the server filesystem. This attack appears to be exploitable via an HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.
SSVC
- Decision: -
Timeline
- 2018-04-19 CVE Reserved
- 2018-06-26 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (4)
URL | Tag | Date |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html | Mailing List | |
https://sympa-community.github.io/security/2018-001.html | | 2020-08-04 |
https://usn.ubuntu.com/4442-1 | | 2020-08-04 |
https://www.debian.org/security/2018/dsa-4285 | | 2020-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sympa | Sympa | < 6.2.32 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |