NVD

Id
25862  
Name
CVE-2015-4425  
Description
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-08-18  
Modified Date
2015-08-19  
Seq
2015-4425  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
136370 25862 CVE-2015-4425 20150713 CVE-2015-4425 - Directory Traversal/Configuration Update In Pimcore CMS  View
136371 25862 CVE-2015-4425 https://github.com/pimcore/pimcore/commit/4f2a95f877d406a054f9f2253475fe58c76aa03d  View
136372 25862 CVE-2015-4425 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-4425/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
8997 JVNDB-2015-004317 pimcore におけるディレクトリトラバーサルの脆弱性 pimcore には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2015-4425 81650 CVE-2015-4425 25862 4.9 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004317.html 2015-04-20 2015-08-24 View