Vendor: webEdition
By: High-Tech Bridge Security Research Lab
CVSS: 5,5 (MEDIUM)
CWE: 22 (Path Traversal)
Product Name: webEdition
Affected Version From: 6.3.8.0 (SVN-Revision: 6985)
Affected Version To: 6.3.8.0 (SVN-Revision: 6985)
Patch Exists: YES
Related CVE: CVE-2014-5258
CPE: a:webedition:webedition:6.3.8.0
Metasploit: N/A
Other Scripts: N/A
Tags: edb,packetstorm,cve,cve2014,lfi
CVSS Metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
Nuclei References:
https://nvd.nist.gov/vuln/detail/CVE-2014-5258, https://www.exploit-db.com/exploits/34761, http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html, http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0, http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen
Nuclei Metadata: {'max-request': 1, 'vendor': 'webedition', 'product': 'webedition_cms'}
Platforms Tested: None
2014
Path Traversal in webEdition: CVE-2014-5258
A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Mitigation:
Update to webEdition 6.3.9 Beta