CVE-2011-5273

Domain Technologie Control < 0.34.1 - Authenticated Path Traversal and Arbitrary PHP Execution via Package Installer

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2365

Scores

EPSS 0.0148
EPSS Percentile 70.9%

Details

CWE
CWE-22
Status published
Products (35)
gplhost/domain_technologie_control 0.24.6
gplhost/domain_technologie_control 0.25.1
gplhost/domain_technologie_control 0.25.2
gplhost/domain_technologie_control 0.25.3
gplhost/domain_technologie_control 0.26.7
gplhost/domain_technologie_control 0.26.8
gplhost/domain_technologie_control 0.26.9
gplhost/domain_technologie_control 0.27.3
gplhost/domain_technologie_control 0.28.2
gplhost/domain_technologie_control 0.28.3
... and 25 more
Published Mar 21, 2014
Tracked Since Feb 18, 2026