CVE-2010-3692

phpCAS < 1.1.3 - Path Traversal via PGTiou Parameter


Description

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.

References (20)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2172
Various Sources x_refsource_confirm
https://issues.jasig.org/browse/PHPCAS-80
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0456
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2909
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43585
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42149
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2705
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43427
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/29/6
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41878
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/5
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/10/01/2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42184

Scores

EPSS 0.0363
EPSS Percentile 88.1%

Details

CWE
CWE-22
Status published
Products (30)
apereo/phpcas 0.2
apereo/phpcas 0.3
apereo/phpcas 0.3.1
apereo/phpcas 0.3.2
apereo/phpcas 0.4
apereo/phpcas 0.4.1
apereo/phpcas 0.4.8
apereo/phpcas 0.4.9
apereo/phpcas 0.4.10
apereo/phpcas 0.4.11
... and 20 more
Published Oct 07, 2010
Tracked Since Feb 18, 2026