CVE-2012-1207
published 2012-02-24CVE-2012-1207: Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to…
PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.88%
76.8th percentile
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fork-cms | fork_cms | — | — |
| forkcms | forkcms | >= 0 < 3.2.5 | 3.2.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ForkCMS Directory Traversal vulnerability
osv·2022-05-17
CVE-2012-1207 [MEDIUM] ForkCMS Directory Traversal vulnerability
ForkCMS Directory Traversal vulnerability
Directory traversal vulnerability in `frontend/core/engine/javascript.php` in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a `..` (dot dot) in the module parameter to `frontend/js.php`.
GHSA
ForkCMS Directory Traversal vulnerability
ghsa·2022-05-17
CVE-2012-1207 [MEDIUM] CWE-22 ForkCMS Directory Traversal vulnerability
ForkCMS Directory Traversal vulnerability
Directory traversal vulnerability in `frontend/core/engine/javascript.php` in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a `..` (dot dot) in the module parameter to `frontend/js.php`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.htmlhttp://www.fork-cms.com/blog/detail/fork-cms-3-2-5-releasedhttp://www.securityfocus.com/bid/51972https://exchange.xforce.ibmcloud.com/vulnerabilities/73169https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.htmlhttp://www.fork-cms.com/blog/detail/fork-cms-3-2-5-releasedhttp://www.securityfocus.com/bid/51972https://exchange.xforce.ibmcloud.com/vulnerabilities/73169https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29
2012-02-24
Published