Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1058 — Path Traversal in Qube

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

6.5%

top 8.89%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cobalt Qube

Timeline

PublishedOct 4

Latest updateApr 30

Description

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcobalt/qube3.0

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-5v9x-cwp3-pcqj: Directory traversal vulnerability in splashAdmin↗2022-04-30

▶

CVEList

CVE-2002-1058: Directory traversal vulnerability in splashAdmin↗2002-08-31

▶

💥Exploits & PoCs

Exploit-DB

Cobalt Qube 3.0 - Authentication Bypass↗2002-07-24

▶