CVE-2012-0981
published 2012-02-02CVE-2012-0981: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r…
PriorityP335medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
11.06%
95.4th percentile
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kybernetika | phpshowtime | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpShowtime - Directory Traversal
exploitdb·2012-01-31
CVE-2012-0981 phpShowtime - Directory Traversal
phpShowtime - Directory Traversal
---
#
# Title : phpShowtime Directory Travel
# Author : Red Security TEAM
# Date : 31/01/2012
# Download : http://phpshowtime.kybernetika.de/
# Demo : http://phpshowtime.kybernetika.de/demo/
# Tested On : CentOS
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
#
# http://server/index.php?r=i/[Your Directory]
# Example : http://server/index.php?r=i/../../
#
Nuclei
phpShowtime 2.0 - Directory Traversal
nuclei·CVSS 5.0
CVE-2012-0981 [MEDIUM] phpShowtime 2.0 - Directory Traversal
phpShowtime 2.0 - Directory Traversal
A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
Template:
id: CVE-2012-0981
info:
name: phpShowtime 2.0 - Directory Traversal
author: daffainfo
severity: medium
description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
remediation: |
Upgrade to a patched version of phpShowtime or apply the necessary security patches to fix
No writeups or analysis indexed.
2012-02-02
Published