CVE-2017-12586

2017-08-0603:29:00

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.

CPENameOperatorVersion
slims8_akasiaeq8.3.1

CPE	Name	Operator	Version
	slims8_akasia	eq	8.3.1

References

github.com/slims/slims8_akasia/issues/48