Main Vulnerability Database Exploits ID:11445 - Exploit for Path traversal in Python - CVE-2014-4650

ID:11445 - Exploit for Path traversal in Python - CVE-2014-4650

Published: June 3, 2025

Vulnerability identifier: #VU110146

Vulnerability risk: High

CVE-ID: CVE-2014-4650

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Python

Link to public exploit:

https://www.exploit-db.com/exploits/33894/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Remediation

Install update from vendor's website.

ID:11445 - Exploit for Path traversal in Python - CVE-2014-4650

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human