CVE-2009-5114
Published 2012-03-19
Priority: P3 · 41 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: public
EPSS: 13.65% (96.0th percentile)
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
Affected
48 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iwork | webglimpse | <= 2.18.7 | — |
No detection rules found.
Exploit-DB
WebGlimpse 2.18.7 - 'DOC' Directory Traversal
exploitdb·2009-04-17
---
source: https://www.securityfocus.com/bid/52651/info
WebGlimpse is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
WebGlimpse 2.18.7 is vulnerable; other versions may also be affected.
http://www.example.com/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd
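The request shape in the advisory above can be hunted for in web server access logs. The following Python is an added example, not code from this page, Exploit-DB or the WebGlimpse project: it flags requests to wgarcmin.cgi whose decoded DOC value contains a `..` path segment. The Combined Log Format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL" (assumed format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so the check sees the effective path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    """True if any path segment is exactly '..' (forward or back slash)."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def flag_line(line):
    """Return the suspicious DOC values found in one log line, else []."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/wgarcmin.cgi"):
        return []  # only the script named in the advisory is in scope
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    return [v for v in params.get("DOC", []) if has_dotdot_segment(v)]

def scan(lines):
    """Return (line_number, suspicious_values) for every flagged line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        hits = flag_line(line)
        if hits:
            findings.append((lineno, hits))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Apr/2009:10:00:01 +0000] "GET /wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.8 - - [17/Apr/2009:10:00:05 +0000] "GET /wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=archive/notes..txt HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Apr/2009:10:00:09 +0000] "GET /cgi-bin/wgarcmin.cgi?ID=1&DOC=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1432',
    '198.51.100.9 - - [17/Apr/2009:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious DOC value(s): {hits}")
```

Matching on whole `..` segments rather than the substring keeps file names such as `notes..txt` from raising alerts.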
Nuclei
WebGlimpse 2.18.7 - Directory Traversal
nuclei·CVSS 5.0
A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
Template:
```yaml
id: CVE-2009-5114
info:
  name: WebGlimpse 2.18.7 - Directory Traversal
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
  impact: |
    An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
  remediation: Apply all relevant security patches and product upgrades.
  reference:
    - https://www.exploit-db.com/exploits/36994
    - https://nvd
```