Path traversal in Codoforum - CVE-2014-9261

Published: March 23, 2015 / Updated: August 9, 2020


Vulnerability identifier: #VU40867
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2014-9261
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Codologic
Affected software:
Codoforum

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
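The defect described above is the classic CWE-22 pattern: a filter that looks for traversal sequences in the raw string instead of canonicalizing the path and checking that it stays under the intended directory. The following is an added illustration of the containment check a defender would want in place; it is not Codoforum's code (which is PHP) and the base directory `/srv/forum/public` and the sample request paths are constructed for the example.

```python
import os

# Constructed base directory for the example; nothing under it needs to exist,
# since the check works on canonical path strings.
BASE_DIR = "/srv/forum/public"


def safe_resolve(base_dir: str, user_path: str):
    """Resolve user_path relative to base_dir and return the canonical absolute
    path, or None if the canonical form escapes base_dir.

    The decision is made on the canonicalized result, so '..' segments,
    repeated separators and (where they exist) symlinks are collapsed before
    the containment test rather than pattern-matched in the raw input.
    """
    base = os.path.realpath(base_dir)
    # Absolute input is never a file *inside* the base directory by name.
    if os.path.isabs(user_path):
        return None
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath() is a segment-wise comparison, so '/srv/forum/public2'
    # does not pass as being under '/srv/forum/public'.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify(base_dir: str, paths):
    """Map each constructed request path to 'allow' or 'reject'."""
    return {p: ("allow" if safe_resolve(base_dir, p) else "reject") for p in paths}


if __name__ == "__main__":
    # Constructed sample values of a 'path' parameter, as a defender would
    # feed them to a unit test of the sanitizer.
    samples = [
        "docs/readme.txt",            # ordinary relative path: allowed
        "docs/sub/../readme.txt",     # '..' that stays inside the base: allowed
        "../config.php",              # escapes the base: rejected
        "docs/../../config.php",      # escapes after normalization: rejected
        "/etc/hostname",              # absolute path: rejected
    ]
    for path, verdict in classify(BASE_DIR, samples).items():
        print(f"{verdict:6}  {path}")
```

The point to take from this, when auditing a sanitizer, is that the check belongs after canonicalization: an input that contains `..` is not necessarily dangerous, and one that does not contain a literal `..` is not necessarily safe, so string matching on the raw parameter is the wrong place to decide.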


How to mitigate CVE-2014-9261

Install the update from the vendor's website.

Sources