CVE-2012-3521
GeSHi < 1.0.8.11 - Path Traversal via CSSGen Contrib Module Parameters
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
References (6)
Core References
Exploit, Patch x_refsource_confirm
http://sourceforge.net/p/geshi/code/2507/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.html
Issue Tracking x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685324
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/21/11
Scores
EPSS
0.0317
EPSS Percentile
86.5%
Details
CWE
CWE-22
Status
published
Products (8)
geshi/geshi
0 - 1.0.8.11 (Packagist)
qbnz/geshi
1.0.8.4
qbnz/geshi
1.0.8.5
qbnz/geshi
1.0.8.6
qbnz/geshi
1.0.8.7
qbnz/geshi
1.0.8.8
qbnz/geshi
1.0.8.9
qbnz/geshi
< 1.0.8.10
Published
Jun 13, 2014
Tracked Since
Feb 18, 2026