CVE-2011-5273
Domain Technologie Control < 0.34.1 - Authenticated Path Traversal and Arbitrary PHP Execution via Package Installer
Title source: llmDescription
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2365
Various Sources x_refsource_confirm
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
Scores
EPSS
0.0148
EPSS Percentile
70.9%
Details
CWE
CWE-22
Status
published
Products (35)
gplhost/domain_technologie_control
0.24.6
gplhost/domain_technologie_control
0.25.1
gplhost/domain_technologie_control
0.25.2
gplhost/domain_technologie_control
0.25.3
gplhost/domain_technologie_control
0.26.7
gplhost/domain_technologie_control
0.26.8
gplhost/domain_technologie_control
0.26.9
gplhost/domain_technologie_control
0.27.3
gplhost/domain_technologie_control
0.28.2
gplhost/domain_technologie_control
0.28.3
... and 25 more
Published
Mar 21, 2014
Tracked Since
Feb 18, 2026