Severity: 5 (MEDIUM)

CVE-2012-0996

Published: 24/02/2012 Updated: 24/02/2012
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

Vulnerability Summary

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote malicious users to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Affected Products

Vendor | Product | Versions
11in1 | 11in1 | 1.2.1

Exploits

source: www.securityfocus.com/bid/52025/info 11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run ...

Mailing Lists

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities ...

References