CVE-2012-1207Path Traversal in Fork CMS

CWE-22Path Traversal3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 61.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ForkcmsFork-cms Fork CMS
Timeline
PublishedFeb 24
Latest updateMay 17

Description

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Packagistforkcms/forkcms< 3.2.5

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
ForkCMS Directory Traversal vulnerability2022-05-17
GHSA
ForkCMS Directory Traversal vulnerability2022-05-17
CVE-2012-1207 — Path Traversal in Fork-cms Fork CMS | cvebase