Lucene search

PRIOn knowledge basePRION:CVE-2010-3468

HistorySep 29, 2010 - 5:00 p.m.

Directory traversal

2010-09-2917:00:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a … (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.

CPENameOperatorVersion
mura_cmseq5.1
mura_cmseq5.2
sava_cmseq5.2
sava_cmseq5.0.122
sava_cmseq5.0

Name	Operator	Version
mura_cms	eq	5.1
mura_cms	eq	5.2
sava_cms	eq	5.2
sava_cms	eq	5.0.122
sava_cms	eq	5.0

References

secunia.com/advisories/41591

www.getmura.com/index.cfm/blog/critical-security-patch/

www.securityfocus.com/bid/43499

www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0

www.exploit-db.com/exploits/15120