CVE-2013-5979
Published 2013-10-02
Priority P3 · 42 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 18.27% (96.9th percentile)
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xibosignage | xibo | — | — |
| xibosignage | xibo | — | — |
| xibosignage | xibo | — | — |
| xibosignage | xibo | — | — |
| xibosignage | xibo | — | — |
No detection rules found.
Exploit-DB
Xibo 1.2.2/1.4.1 - 'index.php?p' Directory Traversal
exploitdb·2013-07-18
CVE-2013-5979 Xibo 1.2.2/1.4.1 - 'index.php?p' Directory Traversal
---
Exploit Title: Xibo Directory Traversal Vulnerability
Exploit Author: Mahendra
Date: 2 April 2013
Vendor homepage: http://xibo.org.uk
References:
http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00
############################
Affected Vendor: Spring Signage Ltd
Affected Software: Xibo
Affected Version: 1.2.2 and 1.4.1, previous versions may also be affected
Issue type: Directory Traversal
Release Date: 2 April 2013
Discovered by: Mahendra
Issue status: Patch available
############################
Description
What is Xibo?
Xibo is a software package which provides a high quality digital signage system for free! Digital signage is essentially any form of digital display, such as a
Nuclei
Xibo 1.2.2/1.4.1 - Directory Traversal
nuclei·CVSS 5.0
CVE-2013-5979 [MEDIUM] Xibo 1.2.2/1.4.1 - Directory Traversal
A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Template:
```yaml
id: CVE-2013-5979

info:
  name: Xibo 1.2.2/1.4.1 - Directory Traversal
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
  impact: |
    An attacker can read arbitrary files on the server.
  remediation: |
    Upgrade to a patched version of Xibo.
  reference:
    - https://www.exploit-db.com/exploits/26955
    - https://nvd.nist.gov/vuln/detail/CVE-2013-5979
    - https:/
```
http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-%28DS-2013-00
https://bugs.launchpad.net/xibo/+bug/1093967
Published: 2013-10-02