CVE-2010-3691Link Following in Phpcas

CWE-59Link Following4 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apereo Phpcas
Timeline
PublishedOct 7
Latest updateMay 13

Description

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

NVDapereo/phpcas1.1.2+29

🔴Vulnerability Details

1
GHSA
GHSA-5pj3-8xv9-ch9w: PGTStorage/pgt-file2022-05-13

💬Community

2
Bugzilla
CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 phpCAS: multiple vulnerabilities fixes in 1.1.32010-10-25
Bugzilla
CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 glpi various flaws [fedora-all]2010-08-03
CVE-2010-3691 — Link Following in Apereo Phpcas | cvebase