cbcvebase.
CVE-2012-5192
published 2014-01-28


Priority: P3 · 50
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 52.48% (98.8th percentile)
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.

Affected

11 ranges

Vendor     Product    Version range   Fixed in
bitweaver  bitweaver  <= 2.8.1
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver
bitweaver  bitweaver

Detection & IOCs (extracted from sources)

path: gmap/view_overlay.php
url: http://A.B.C.D/bitweaver/gmap/view_overlay.php?overlay_type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F/etc/passwd%00
command: overlay_type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F/etc/passwd%00
  • Detect directory traversal attempts targeting the 'overlay_type' parameter in GET requests to gmap/view_overlay.php. Look for URL-encoded dot-dot-slash sequences (%2F) and null byte (%00) in the parameter value.
  • Flag HTTP requests to view_overlay.php where the overlay_type parameter contains encoded traversal patterns such as ..%2F or null byte termination (%00) used to bypass extension filtering.
  • The Metasploit auxiliary module 'scanner/http/bitweaver_overlay_type_traversal' can be used to confirm exploitability during assessments; its traffic pattern (repeated traversal depth increments against view_overlay.php) is a reliable detection signal.
  • The null byte (%00) termination technique used in the PoC is effective only on PHP installations where null byte handling in file path functions is not patched (typically PHP < 5.3.4). Detections relying solely on %00 may miss variants on patched PHP versions.
  • The NVD advisory describes the traversal encoding as "''%2F" (dot dot encoded slash), meaning the dots are literal and only the slash is percent-encoded. Detection rules must account for this specific encoding pattern rather than fully encoded traversal strings.
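
The detection notes above written as an access-log filter; this is an added example, not code from the advisory or from this site. It flags requests to gmap/view_overlay.php whose overlay_type contains literal dots with an encoded slash or decodes to a traversal, and treats %00 only as a supporting signal. The log lines, addresses and the benign value `marker` are constructed, and the decode step generalises beyond the advisory's pattern to other encodings of `../`.

```python
import re
from urllib.parse import urlsplit, unquote

TARGET = "gmap/view_overlay.php"   # path named in the advisory
PARAM = "overlay_type"             # vulnerable parameter
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed combined-format log lines; 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2014:10:00:01 +0000] "GET /bitweaver/gmap/view_overlay.php'
    '?overlay_type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F/etc/passwd%00 HTTP/1.1" 200 1532',
    '192.0.2.10 - - [01/Feb/2014:10:00:02 +0000] "GET /bitweaver/gmap/view_overlay.php'
    '?overlay_type=..%2f..%2fexample HTTP/1.1" 200 88',
    '192.0.2.77 - - [01/Feb/2014:10:00:03 +0000] "GET /bitweaver/gmap/view_overlay.php'
    '?overlay_type=marker HTTP/1.1" 200 412',
    '192.0.2.77 - - [01/Feb/2014:10:00:04 +0000] "GET /bitweaver/index.php?q=..%2F HTTP/1.1" 200 9',
]

def raw_param(query, name):
    """Return the still percent-encoded value of `name`, or None if absent."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key) == name:
            return value
    return None

def classify(line):
    """Return the reasons a log line matches the CVE-2012-5192 pattern ([] if none)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    raw = raw_param(url.query, PARAM)
    if raw is None or not url.path.lower().endswith(TARGET):
        return []
    decoded = unquote(raw)
    reasons = []
    if re.search(r"\.\.%2f", raw, re.IGNORECASE):       # literal dots, encoded slash
        reasons.append("dotdot-encoded-slash")
    if re.search(r"(^|[\\/])\.\.([\\/]|$)", decoded):   # anything that decodes to ../
        reasons.append("traversal-after-decode")
    if "\x00" in decoded:                               # supporting signal, never required
        reasons.append("null-byte")
    return reasons

def scan(lines):
    """Map line index -> reasons for every flagged line."""
    found = ((i, classify(line)) for i, line in enumerate(lines))
    return {i: reasons for i, reasons in found if reasons}
```
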