Vulnerability CVE-2018-1000550


Published: 2018-06-26

Description:
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Sympa -> Sympa 
Debian -> Debian linux 

 References:
https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html
https://sympa-community.github.io/security/2018-001.html
https://www.debian.org/security/2018/dsa-4285

Copyright 2024, cxsecurity.com

 

Back to Top