CVE-2014-3777

Reportico PHP Report Designer < 4.0 - Path Traversal via XMLIN Parameter

Title source: llm

Description

Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/108612
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/144
Various Sources x_refsource_misc
http://www.secveritas.com/secv-05-1402.html

Scores

EPSS 0.0368
EPSS Percentile 88.3%

Details

CWE CWE-22
Status published
Products (21)
reportico/php_report_designer 1.0.0
reportico/php_report_designer 1.0.1
reportico/php_report_designer 1.0.2
reportico/php_report_designer 1.0.3
reportico/php_report_designer 1.0.4
reportico/php_report_designer 1.0.5
reportico/php_report_designer 1.0.6
reportico/php_report_designer 2.0
reportico/php_report_designer 2.0.1
reportico/php_report_designer 2.1
... and 11 more
Published Jul 16, 2014
Tracked Since Feb 18, 2026