CVE-2010-3692: Path Traversal in Phpcas

CWE-22 Path Traversal | 4 documents | 3 sources
Severity
6.4 MEDIUM (NVD)
EPSS
0.7%
top 27.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 7
Latest update: May 13

Description

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (1 package)

NVD: apereo/phpcas 1.1.2 +29

🔴 Vulnerability Details (1)

GHSA: GHSA-86jv-39rm-gf4v: Directory traversal vulnerability in the callback function in client (2022-05-13)

💬 Community (2)

Bugzilla: CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 phpCAS: multiple vulnerabilities fixes in 1.1.3 (2010-10-25)
Bugzilla: CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 glpi various flaws [fedora-all] (2010-08-03)