Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4957

CWE-22 — Path Traversal4 documents4 sources

Severity

7.8HIGH

EPSS

75.6%

top 1.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell File Reporter

Timeline

PublishedNov 18

Latest updateMay 17

Description

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDnovell/file_reporter1.0.2

🔴Vulnerability Details

GHSA

GHSA-2rh3-6r34-qvm7: Absolute path traversal vulnerability in NFRAgent↗2022-05-17

▶

CVEList

CVE-2012-4957: Absolute path traversal vulnerability in NFRAgent↗2012-11-18

▶

💥Exploits & PoCs

Exploit-DB

Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution↗2012-12-12

▶