CVE-2012-5192

Bitweaver <2.8.1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "..%2F" (dot dot encoded slash) sequences in the overlay_type parameter.

Exploits (2)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/22216
metasploit WORKING POC
by David Aaron, Jonathan Claudius, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb

Scores

EPSS 0.5826
EPSS Percentile 98.2%

Details

CWE CWE-22
Status published
Products (11)
bitweaver/bitweaver 1.1
bitweaver/bitweaver 1.1.1_beta
bitweaver/bitweaver 1.2.1
bitweaver/bitweaver 1.3
bitweaver/bitweaver 1.3.1
bitweaver/bitweaver 2.0.0
bitweaver/bitweaver 2.0.2
bitweaver/bitweaver 2.5
bitweaver/bitweaver 2.6
bitweaver/bitweaver 2.7
... and 1 more
Published Jan 28, 2014
Tracked Since Feb 18, 2026