CVE-2013-4510

Tryton 3.0.0 - Path Traversal and Arbitrary File Write via Report Extension

Description

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

References (5)

Core References
Exploit, Patch x_refsource_confirm
http://hg.tryton.org/tryton/rev/357d0a4d9cb8
Patch x_refsource_confirm
https://bugs.tryton.org/issue3446
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/04/21
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2791

Scores

EPSS 0.0214
EPSS Percentile 79.8%

Details

CWE CWE-22
Status published
Products (2)
pypi/trytond PyPI
tryton/tryton 3.0.0
Published Nov 18, 2013
Tracked Since Feb 18, 2026