Description
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Exploits (4)
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89818
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/121
Scores
EPSS
0.1156
EPSS Percentile
93.7%
Details
CWE
CWE-22
Status
published
Products (1)
iscripts/autohoster
2.4
Published
Dec 20, 2013
Tracked Since
Feb 18, 2026