CVE-2012-1839

Published Mar 22, 2012

Last updated 7 years ago

Overview

Description: Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AB14FF4-0CF0-4ACF-BA85-59196A259BAA"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA399184-3366-48E8-90F8-0BDF255DB2CA"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD6997D4-21C7-459F-8CB1-31E98C44BC91"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08354E81-1FF5-4CEF-8B5B-A3B3C514F03B"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC4FFE75-9BBE-4C9F-A7E5-350AC7701ECD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "514ED912-D7FB-46CD-999C-4099D37DBF21"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ACB6977-00FC-49D4-ACAA-E5BDF51E2533"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF45470B-525A-4716-B3C7-E75A33E89466"
          },
          {
            "criteria": "cpe:2.3:a:ajaxplorer:ajaxplorer:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ABE4444-20F2-43D8-83BC-12839AA40AF3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References