Lucene search

MitreCVE-2015-6914

HistorySep 11, 2015 - 4:59 p.m.

CVE-2015-6914

2015-09-1116:59:20

CWE-22

mitre

web.nvd.nist.gov

cve-2015-6914

absolute path traversal

sitefactory cms

remote attackers

arbitrary files

security vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.022

Percentile

89.7%

JSON

Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.

Affected configurations

Nvd

Node

mindbitesitefactory_cmsMatch5.5.9

VendorProductVersionCPE
mindbitesitefactory_cms5.5.9cpe:2.3:a:mindbite:sitefactory_cms:5.5.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mindbite	sitefactory_cms	5.5.9	cpe:2.3:a:mindbite:sitefactory_cms:5.5.9:::::::*

References

packetstormsecurity.com/files/133251/SiteFactory-CMS-5.5.9-Directory-Traversal.html

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.022

Percentile

89.7%

JSON

Related for CVE-2015-6914