CVE-2013-5692

Description

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.

References

https://www.htbridge.com/advisory/HTB23172

http://www.exploit-db.com/exploits/28557

http://osvdb.org/97365

http://archives.neohapsis.com/archives/bugtraq/2013-09/0117.html

Details

Source: Mitre, NVD

Published: 2013-09-30

Updated: 2013-10-01

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High