CVE-2012-1226

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 21-02-2012 02:31

Last modified: - 17-11-2022 06:21

Total changes: - 2

Description

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

Reference

20120210 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities-Exploit
http://www.vulnerability-lab.com/get_content.php?id=428
18480-
20120227 Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities-
https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417
https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2
dolibarr-multiple-file-include(73136)-

Keywords

CVE-2012-1226

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-1226

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures