Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1958

4 documents4 sources

Severity

5.0MEDIUM

EPSS

4.7%

top 10.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Epic Games Unreal Engine Epic Games Unreal Tournament Epic Games Unreal Tournament 2003

Timeline

PublishedDec 31

Latest updateApr 29

Description

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDepic_games/unreal_engine433, 436+1

▶NVDepic_games/unreal_tournament451b

▶NVDepic_games/unreal_tournament_20034 versions+3

🔴Vulnerability Details

GHSA

GHSA-j335-5wx8-vfg6: Directory traversal vulnerability in manifest↗2022-04-29

▶

CVEList

CVE-2004-1958: Directory traversal vulnerability in manifest↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Arbitrary File Overwrite↗2004-04-22

▶