CVE-2010-1511: External Control of File Name or Path in Kget

Severity: 6.4 MEDIUM (NVD)
EPSS: 5.7% (top 9.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 17
Latest update: May 14

Description

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (2 packages)

NVD - kde/kget 2.4.2
NVD - kde/kde_sc (32 versions)

🔴 Vulnerability Details (2)

GHSA - GHSA-frwp-8f86-7mhx: KGet 2 (2022-05-14)
CVEList - CVE-2010-1511: KGet 2 (2010-05-17)

💥 Exploits & PoCs (1)

Exploit-DB - Oracle GlassFish Server - Administration Console Authentication Bypass (2011-05-12)

📋 Vendor Advisories (2)

Red Hat - kdenetwork: improper sanitization of metalink attribute for downloading files (2010-05-13)
Ubuntu - KDENetwork vulnerabilities (2010-05-13)

💬 Community (2)

Bugzilla - CVE-2010-1000 CVE-2010-1511 kdenetwork: improper sanitization of metalink attribute for downloading files [fedora-all] (2010-05-13)
Bugzilla - CVE-2010-1000 CVE-2010-1511 kdenetwork: improper sanitization of metalink attribute for downloading files (2010-05-12)
CVE-2010-1511 — External Control of File Name or Path | cvebase