Directory traversal vulnerability in the callback function in client.php in phpCAS prior to 1.1.3, when proxy mode is enabled, allows remote malicious users to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Vulnerable Product |
---|
apereo phpcas |
apereo phpcas 0.2 |
apereo phpcas 0.3 |
apereo phpcas 0.3.1 |
apereo phpcas 0.3.2 |
apereo phpcas 0.4 |
apereo phpcas 0.4.1 |
apereo phpcas 0.4.8 |
apereo phpcas 0.4.9 |
apereo phpcas 0.4.10 |
apereo phpcas 0.4.11 |
apereo phpcas 0.4.12 |
apereo phpcas 0.4.13 |
apereo phpcas 0.4.14 |
apereo phpcas 0.4.15 |
apereo phpcas 0.4.16 |
apereo phpcas 0.4.17 |
apereo phpcas 0.4.18 |
apereo phpcas 0.4.19 |
apereo phpcas 0.4.20 |
apereo phpcas 0.4.21 |
apereo phpcas 0.4.22 |
apereo phpcas 0.4.23 |
apereo phpcas 0.5.0 |
apereo phpcas 0.5.1 |
apereo phpcas 0.6.0 |
apereo phpcas 1.0.0 |
apereo phpcas 1.0.1 |
apereo phpcas 1.1.0 |
apereo phpcas 1.1.1 |