CVE-2012-3521

GeSHi < 1.0.8.11 - Path Traversal via CSSGen Contrib Module Parameters

Title source: llm

Description

Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.

References (6)

Core References
Exploit, Patch x_refsource_confirm
http://sourceforge.net/p/geshi/code/2507/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/21/11

Scores

EPSS 0.0317
EPSS Percentile 86.5%

Details

CWE
CWE-22
Status published
Products (8)
geshi/geshi 0 - 1.0.8.11 (Packagist)
qbnz/geshi 1.0.8.4
qbnz/geshi 1.0.8.5
qbnz/geshi 1.0.8.6
qbnz/geshi 1.0.8.7
qbnz/geshi 1.0.8.8
qbnz/geshi 1.0.8.9
qbnz/geshi < 1.0.8.10
Published Jun 13, 2014
Tracked Since Feb 18, 2026