CVE-2012-4030
Published 2020-01-10

CVE-2012-4030: Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.34% (67.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chamilo | chamilo_lms | < 1.8.8.6 | 1.8.8.6 |
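CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
| vendor_redhat | | 4.4 | MEDIUM | |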
GHSA
GHSA-q28q-m6r2-88m4: Chamilo before 1
ghsa_unreviewed · 2022-04-23
CVE-2012-4030 [MEDIUM] GHSA-q28q-m6r2-88m4: Chamilo before 1
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
Red Hat
mysql: regression of CVE-2009-4030
vendor_redhat · 2012-09-27 · CVSS 4.4
CVE-2012-4452 [MEDIUM] mysql: regression of CVE-2009-4030
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
Package: mysql (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
Published: 2020-01-10