Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
References
Configurations
History
21 Nov 2024, 00:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/490341/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/28550 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41572 - |
Information
Published : 2009-03-25 18:30
Updated : 2024-11-21 00:56
NVD link : CVE-2008-6522
Mitre link : CVE-2008-6522
CVE.ORG link : CVE-2008-6522
JSON object : View
Products Affected
devraj_mukherjee
- openterracotta
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')