CVE-2012-2227

Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.

🔗 References (18)

• cve@mitrehttp://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html
• cve@mitrehttp://osvdb.org/81638
• cve@mitrehttp://secunia.com/advisories/49026
• cve@mitrehttp://telechargements.pluxml.org/changelog
• cve@mitrehttp://www.exploit-db.com/exploits/18828
• cve@mitrehttp://www.pluxml.org/article59/sortie-de-pluxml-5-1-6
• cve@mitrehttp://www.securityfocus.com/bid/53348
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/75330
• cve@mitrehttps://www.htbridge.com/advisory/HTB23086
• af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-05/0011.html
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/81638
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49026
• af854a3a-2127-422b-91ae-364da2661108http://telechargements.pluxml.org/changelog
• af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/18828
• af854a3a-2127-422b-91ae-364da2661108http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6