CVE-2012-6064

NONECVSS 0.0

0.0

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

🔗 References (14)

cve@mitrehttp://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
cve@mitrehttp://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
cve@mitrehttp://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
cve@mitrehttp://secunia.com/advisories/51185
cve@mitrehttp://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/79881
cve@mitrehttps://www.htbridge.com/advisory/HTB23121
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html
af854a3a-2127-422b-91ae-364da2661108http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51185
af854a3a-2127-422b-91ae-364da2661108http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79881
af854a3a-2127-422b-91ae-364da2661108https://www.htbridge.com/advisory/HTB23121

Is Your Infrastructure Affected by CVE-2012-6064?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-6064

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-6064?