CVE-2013-7300
cantata < 1.2.2 - Absolute Path Traversal via Internal HTTP Server
Title source: llmDescription
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.
References (4)
Core 4
Core References
Exploit x_refsource_confirm
https://code.google.com/p/cantata/issues/detail?id=356
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/124
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90580
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/121
Scores
EPSS
0.0154
EPSS Percentile
71.8%
Details
CWE
CWE-22
Status
published
Products (20)
craig_drummond/cantata
0.7.0
craig_drummond/cantata
0.7.1
craig_drummond/cantata
0.8.0
craig_drummond/cantata
0.8.1
craig_drummond/cantata
0.8.2
craig_drummond/cantata
0.8.3
craig_drummond/cantata
0.8.3.1
craig_drummond/cantata
0.9.0
craig_drummond/cantata
0.9.1
craig_drummond/cantata
0.9.2
... and 10 more
Published
Feb 02, 2014
Tracked Since
Feb 18, 2026