Directory traversal vulnerability in X2Engine X2CRM prior to 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x2engine x2crm 3.0.1 |
||
x2engine x2crm 3.0 |
||
x2engine x2crm 2.9.1 |
||
x2engine x2crm 2.9 |
||
x2engine x2crm 1.2.1 |
||
x2engine x2crm 1.2.0 |
||
x2engine x2crm 1.1.0 |
||
x2engine x2crm 1.0.1 |
||
x2engine x2crm 1.0 |
||
x2engine x2crm 3.4 |
||
x2engine x2crm 3.3.2 |
||
x2engine x2crm 3.3.1 |
||
x2engine x2crm |
||
x2engine x2crm 3.2 |
||
x2engine x2crm 3.1.1 |
||
x2engine x2crm 3.0.2 |
||
x2engine x2crm 2.8.1 |
||
x2engine x2crm 2.7.2 |
||
x2engine x2crm 1.3.1 |
||
x2engine x2crm 1.2.2 |
||
x2engine x2crm 3.3 |
||
x2engine x2crm 2.7 |
||
x2engine x2crm 2.5.2 |
||
x2engine x2crm 2.5 |
||
x2engine x2crm 2.2.1 |
||
x2engine x2crm 3.1.2 |
||
x2engine x2crm 3.1 |
||
x2engine x2crm 2.8 |
||
x2engine x2crm 2.7.1 |
||
x2engine x2crm 2.2 |
||
x2engine x2crm 1.3 |