NVD

Id
46994  
Name
CVE-2012-6038  
Description
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-11-26  
Modified Date
2012-11-27  
Seq
2012-6038  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
235350 46994 CVE-2012-6038 18344  View
235351 46994 CVE-2012-6038 http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip  View
235352 46994 CVE-2012-6038 51344  View
235353 46994 CVE-2012-6038 razorcms-adminfunc-security-bypass(72268)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29841 JVNDB-2012-005548 razorCMS の admin/core/admin_func.php におけるファイルを閲覧される脆弱性 razorCMS の admin/core/admin_func.php は、特定の管理者向けディレクトリとファイルへのアクセスを適切に制限しないため、ファイルを閲覧、編集、リネーム、移動、コピー、および削除される脆弱性が存在します。 CVE-2012-6038 59276 CVE-2012-6038 46994 6.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005548.html 2012-11-26 2012-11-28 View