CVE-2010-2850
Published Jul 25, 2010
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9997DD63-6D3E-4544-9E6F-9F26E6D8B43C",
"versionEndIncluding": "10.04.20"
},
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:09.06.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A81E44CB-EB7A-408A-BA91-BBDD5D324686"
},
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:09.06.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "940FD932-FA9F-4285-A44E-E2FBDF29CBD1"
},
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:09.07.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E1F2102-D0EF-4997-BB68-D794B0B81E8C"
},
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:09.08.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90394A56-EAD7-45EC-ADE9-5C942939B5C2"
},
{
"criteria": "cpe:2.3:a:nusoftware:nubuilder:09.09.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEB3993C-AF56-4137-A9BA-1EBE30F0340D"
}
],
"operator": "OR"
}
]
}
]