CVE-2013-4510
Tryton 3.0.0 - Path Traversal and Arbitrary File Write via Report Extension
Title source: llmDescription
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.
References (5)
Core 5
Core References
Exploit, Patch x_refsource_confirm
http://hg.tryton.org/tryton/rev/357d0a4d9cb8
Vendor Advisory x_refsource_confirm
http://www.tryton.org/posts/security-release-for-issue3446.html
Patch x_refsource_confirm
https://bugs.tryton.org/issue3446
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/04/21
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2791
Scores
EPSS
0.0214
EPSS Percentile
79.8%
Details
CWE
CWE-22
Status
published
Products (2)
pypi/trytond
PyPI
tryton/tryton
3.0.0
Published
Nov 18, 2013
Tracked Since
Feb 18, 2026