CVE-2010-3487

MEDIUM

Description

Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.

References

http://packetstormsecurity.org/1009-exploits/pinky10-traversal.txt

http://secunia.com/advisories/41538

http://www.johnleitch.net/Vulnerabilities/Pinky.1.0.Directory.Traversal/42

http://www.osvdb.org/68141

Details

Source: MITRE

Published: 2010-09-22

Updated: 2010-09-23

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM