Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1645Path Traversal in Server

CWE-22Path Traversal5 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
2.2%
top 15.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_server6.20.7, 6.22.0, 6.22.1+2

🔴Vulnerability Details

2
GHSA
GHSA-qj6p-vxwc-9p4v: Directory traversal vulnerability in Open-Xchange Server before 62022-05-17
CVEList
CVE-2013-1645: Directory traversal vulnerability in Open-Xchange Server before 62013-09-05

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities2013-03-15

💬Community

1
Bugzilla
CVE-2013-4592 kernel: kvm: memory leak when memory slot is moved with assigned device2013-11-18
CVE-2013-1645 — Path Traversal in Open-xchange Server | cvebase