CVE-2017-11440

MEDIUM

Sitecore Cms - Path Traversal

Title source: rule

Description

In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/143357/Sitecore-CMS-8.2-Cross-Site-Scripting-File-Disclosure.html

[Exploit, Third Party Advisory] https://xc0re.net/2017/07/03/sitecore-cms-v-8-2-multiple-vulnerabilties/

Scores

CVSS v3 4.9

EPSS 0.0087

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

sitecore/cms

n/a/n/a

Published Jul 19, 2017

Tracked Since Feb 18, 2026