CVE-2017-7258

{"id": "CVE-2017-7258", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-03-29T20:59:00.340", "references": [{"url": "http://www.securityfocus.com/bid/97255", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0."}, {"lang": "es", "value": "HTTP Exploit en el portal eMLi en AuroMeera Technometrix Pvt. Ltd. eMLi permite a un atacante ver informaci\u00f3n restringida o (a\u00fan m\u00e1s seriamente) ejecutar comandos poderosos en el servidor web lo que puede llevar a un compromiso total del sistema a trav\u00e9s de Path Path Directory, como lo demuestra la lectura core-emli/Storage. Las versiones afectas son eMLi School Management 1.0, eMLi College Campus Management 1.0, y eMLi University Management 1.0."}], "lastModified": "2017-04-10T16:27:25.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:auromeera:emli:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6EEF9FE-FE5D-454A-9B43-A9A2CFEE8722"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}