CVE-2009-2177

2009-06-2321:21:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a “…//” (dot dot) in the s parameter, which is collapsed into a “…/” value.