Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-04-18 18:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1715
Mitre link : CVE-2011-1715
CVE.ORG link : CVE-2011-1715
JSON object : View
Products Affected
eyeos
- eyeos
qooxdoo
- qooxdoo
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')