CVE-2008-1606

Published: 01/04/2008 Updated: 13/08/2018
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 610
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote malicious users to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
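A server-side containment check of the kind that blocks all three variants described above (download, upload, and listing), shown as an added example; it is not code from Elastic Path or from this advisory. The class name `SafePathResolver`, the temporary base directory, and the sample file names are assumptions made for illustration, and the inputs in `main` are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper: every file/dir parameter is resolved through one gate.
public class SafePathResolver {
    private final Path baseDir;

    public SafePathResolver(Path baseDir) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns a path that lies under baseDir, or throws SecurityException. */
    public Path resolve(String userValue) throws IOException {
        if (userValue == null || userValue.isEmpty() || userValue.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed name");
        }
        // Treat '\' like '/': on Unix java.nio does not see "..\" as a parent
        // reference, but the same value is one on a Windows host.
        String unified = userValue.replace('\\', '/');
        for (String segment : unified.split("/")) {
            if (segment.equals("..")) {
                throw new SecurityException("parent reference rejected");
            }
        }
        // Absolute input replaces baseDir in resolve(), so the prefix check catches it.
        Path candidate = baseDir.resolve(unified).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("escapes base directory");
        }
        // For targets that already exist, re-check after following symlinks.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("import-base"); // constructed sample directory
        Files.createFile(base.resolve("catalog.csv"));
        SafePathResolver resolver = new SafePathResolver(base);
        String[] samples = {"catalog.csv", "sub/new.csv", "../outside.txt",
                            "..\\outside.txt", "/etc/hosts", "a/../../b"};
        for (String s : samples) {
            try { System.out.println("ALLOW " + s + " -> " + resolver.resolve(s)); }
            catch (SecurityException e) { System.out.println("DENY  " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

The same resolver should sit in front of read, write, and directory-listing code paths, so that a check applied to one of them cannot be bypassed through another.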

Vulnerable Product

elastic path elastic path 4.1

elastic path elastic path 4.1.1

Exploits

source: www.securityfocus.com/bid/28352/info

Elastic Path is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include:

- A local file-include vulnerability
- An arbitrary file-upload vulnerability
- A directory-traversal vulnerability

Note that attackers must be ...