CVE-2010-2655

IBM BladeCenter - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexey Sintsov · text · webapps · php
https://www.exploit-db.com/exploits/14237

References (4)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14237/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66124
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41383

Scores

EPSS 0.1909
EPSS Percentile 95.4%

Details

CWE
CWE-22
Status published
Products (14)
ibm/advanced_management_module 1.00
ibm/advanced_management_module 1.01
ibm/advanced_management_module 1.20 (2 CPE variants)
ibm/advanced_management_module 1.25 (3 CPE variants)
ibm/advanced_management_module 1.26 b (5 CPE variants)
ibm/advanced_management_module 1.28 g
ibm/advanced_management_module 1.32 d
ibm/advanced_management_module 1.34 b (2 CPE variants)
ibm/advanced_management_module 1.36 d (4 CPE variants)
ibm/advanced_management_module 1.42 d (6 CPE variants)
... and 4 more
Published Jul 08, 2010
Tracked Since Feb 18, 2026