CVE-2010-5281
Published Nov 26, 2012
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- Per: http://secunia.com/advisories/41634 '1) Input passed via the "lang" parameter to e.g. ibrowser.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.'
- Solution
- Per: http://secunia.com/advisories/41634 '1) Input passed via the "lang" parameter to e.g. ibrowser.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.'
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:net4visions:ibrowser:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCF27BBD-CD9E-4472-BAFE-B59E139D3014"
}
],
"operator": "OR"
}
]
}
]