CVE-2012-6500

Published Jan 12, 2013

Last updated 12 years ago

Overview

Description: Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22C984D-3B0B-4049-BDAF-7ACC52DF418D",
            "versionEndIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FF4D16C-0ADA-477E-99CD-B83566C5B5E2"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5A2341-2C30-4BA7-82E2-C8721FF9BC7A"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.5.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66D61B18-0720-4863-9BE4-6D8D724F6385"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.5.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D81E3DF-D1A9-4F1B-B973-518197BB5546"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.5.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EBE4157-D5D0-4E98-80F3-B6C98C968D68"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F2F4721-1C0D-482F-87E9-A7D670B8C5E8"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8ECD6FC-005E-4412-B395-32051C692FDF"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE10522-3EC0-4615-AD75-EBD06CB64F0F"
          },
          {
            "criteria": "cpe:2.3:a:pragyan_cms_project:pragyan_cms:2.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21FE4542-6302-4FFA-AEEC-2A2F6D0728C9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References