Published: 26/11/2012 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
net4visions ibrowser 1.4.1

iBrowser Plugin v141 (lang) Local File Inclusion Vulnerability Vendor: net4visionscom Product web page: wwwnet4visionscom Affected version: <= 141 Build 10182009 Summary: iBrowser is an image browser plugin for WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions It allows image browsing, r ...

CWE-22 http://secunia.com/advisories/41634 http://www.johnleitch.net/Vulnerabilities/CMScout.2.09.IBrowser.TinyMCE.Plugin.Local.File.Inclusion/33 http://www.osvdb.org/68247 http://packetstormsecurity.org/1009-exploits/cmscout209-lfi.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/62066 https://nvd.nist.gov https://www.exploit-db.com/exploits/17850/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-5281

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect