#VU40867 Path traversal in Codoforum - CVE-2014-9261

 


Published: March 23, 2015 / Updated: August 9, 2020


Vulnerability identifier: #VU40867
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2014-9261
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
Codoforum
Software vendor:
Codologic

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
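For log review, the request shape described above (a `..` sequence in the `path` parameter to index.php) can be searched for in web server access logs. The following is an added example, not code from the advisory or from Codoforum; the log format, IP addresses and file names are constructed, and the assumption is that the parameter arrives in the query string.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IPs, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Mar/2015:10:00:01 +0000] "GET /index.php?path=uploads/avatar.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Mar/2015:10:00:07 +0000] "GET /index.php?path=../../example.conf HTTP/1.1" 200 734',
    '203.0.113.9 - - [23/Mar/2015:10:00:09 +0000] "GET /forum/index.php?path=%252e%252e%252fexample.conf HTTP/1.1" 200 734',
    '198.51.100.7 - - [23/Mar/2015:10:00:12 +0000] "GET /index.php?path=notes..v2.txt HTTP/1.1" 200 88',
    '198.51.100.8 - - [23/Mar/2015:10:00:15 +0000] "GET /other.php?path=../example.conf HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return ".." in re.split(r"[/\\]", fully_decode(value))

def is_suspicious(log_line):
    """Flag requests to index.php whose 'path' parameter has a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return False
    # parse_qs performs the first round of percent-decoding.
    values = parse_qs(url.query, keep_blank_values=True).get("path", [])
    return any(has_dotdot_segment(v) for v in values)

def flagged_lines(lines):
    """Return the indexes of log lines that match the advisory's request shape."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

if __name__ == "__main__":
    for i in flagged_lines(SAMPLE_LOG):
        print(SAMPLE_LOG[i])
```

Matching on whole path segments avoids flagging file names that merely contain two dots. Parameters sent in a request body do not appear in standard access logs and need application or WAF logging instead.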


Remediation

Install update from vendor's website.
