Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 prior to 5.1.498 and 5.2 prior to 5.2.2809, and Sava CMS 5 up to and including 5.2, allows remote malicious users to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blueriver sava cms 5.0 |
||
blueriver sava cms 5.0.122 |
||
blueriver sava cms 5.2 |
||
blueriver mura cms 5.2 |
||
blueriver mura cms 5.1 |