CVE-2010-3306

Weborf <0.12.3 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rew · textremotelinux

https://www.exploit-db.com/exploits/14925

View Code ZIP pw:eip

References (7)

Core 7

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/09/17/3

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/67840

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41286

Issue Tracking x_refsource_confirm

http://code.google.com/p/weborf/source/detail?r=464

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/09/17/8

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14925/

Patch x_refsource_confirm

http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3

Scores

EPSS 0.0640

EPSS Percentile 91.1%

Details

CWE

CWE-22

Status published

Products (12)

salvo_g._tomaselli/weborf 0.3

salvo_g._tomaselli/weborf 0.4

salvo_g._tomaselli/weborf 0.5

salvo_g._tomaselli/weborf 0.6

salvo_g._tomaselli/weborf 0.7

salvo_g._tomaselli/weborf 0.8

salvo_g._tomaselli/weborf 0.9

salvo_g._tomaselli/weborf 0.10

salvo_g._tomaselli/weborf 0.11

salvo_g._tomaselli/weborf 0.12

... and 2 more

Published Sep 24, 2010

Tracked Since Feb 18, 2026