Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| salvo_g._tomaselli | weborf | 0.7 |
| salvo_g._tomaselli | weborf | 0.11 |
| salvo_g._tomaselli | weborf | 0.4 |
| salvo_g._tomaselli | weborf | 0.5 |
| salvo_g._tomaselli | weborf | 0.3 |
| salvo_g._tomaselli | weborf | * |
| salvo_g._tomaselli | weborf | 0.6 |
| salvo_g._tomaselli | weborf | 0.12.1 |
| salvo_g._tomaselli | weborf | 0.10 |
| salvo_g._tomaselli | weborf | 0.9 |
| salvo_g._tomaselli | weborf | 0.12 |
| salvo_g._tomaselli | weborf | 0.8 |