cbcvebase.
CVE-2012-3521
published 2014-06-13

CVE-2012-3521: Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot…

PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
3.17%
86.4th percentile
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.

Affected

13 ranges
VendorProductVersion rangeFixed in
debiangeshi< geshi 1.0.8.4-2 (bookworm)geshi 1.0.8.4-2 (bookworm)
geshigeshi>= 0 < 1.0.8.111.0.8.11
qbnzgeshi<= 1.0.8.10
qbnzgeshi
qbnzgeshi
qbnzgeshi
qbnzgeshi
qbnzgeshi
qbnzgeshi
qbnzgeshi>= 0 < 1.0.8.4-21.0.8.4-2
qbnzgeshi>= 0 < 1.0.8.4-21.0.8.4-2
qbnzgeshi>= 0 < 1.0.8.4-21.0.8.4-2
qbnzgeshi>= 0 < 1.0.8.4-21.0.8.4-2

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.