CVE-2011-4713
Published Dec 8, 2011
Last updated 13 years ago
Overview
- Description
- Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oscss:oscss:*:prerc31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C246CACE-624A-434C-88FE-06A5C5DDD539",
"versionEndIncluding": "2.10"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C1A4596-DBF1-4272-9C7D-CE35B5FBC159"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8E08777-9E1B-448A-9204-59E9EA392017"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:1.2.2:rc_c:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1EADB1D-5DAE-43E0-B528-BBF6F22D49EA"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:2.10:prerc_f:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC64152C-120B-4F60-AC2B-D7F65B42F3A1"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:2.10:prerc_g1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62E6F271-30DD-407F-B4E0-0F2820464CCA"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:2.10:prerc12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEDCABC8-0E19-4888-AD87-41C442742BC5"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:2.10:prerc30:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1FAA416-B1D5-4323-8885-E3C29B31694A"
},
{
"criteria": "cpe:2.3:a:oscss:oscss:2.10:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40666523-A476-4017-87E3-3EE32EC74072"
}
],
"operator": "OR"
}
]
}
]