CVE-2014-5258

NUCLEI

Webedition Cms < 6.3.8.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WRITEUP

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/34761

View Code ZIP pw:eip

Nuclei Templates (1)

webEdition 6.3.8.0 - Directory Traversal

MEDIUMby daffainfo

Shodan: cpe:"cpe:2.3:a:webedition:webedition_cms"

References (5)

[Exploit] http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html

[Vendor Advisory] http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen

[Vendor Advisory] http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0

[Exploit] https://www.htbridge.com/advisory/HTB23227

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/533465/100/0/threaded

Scores

EPSS 0.8120

EPSS Percentile 99.2%

Details

CWE

CWE-22

Status published

Products (1)

webedition/webedition_cms < 6.3.8.0

Published Nov 06, 2014

Tracked Since Feb 18, 2026