The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| simone_rota | slim_simple_login_manager | 1.2.2 |
| simone_rota | slim_simple_login_manager | 1.2.4 |
| simone_rota | slim_simple_login_manager | 1.2.5 |
| simone_rota | slim_simple_login_manager | 1.2.1 |
| simone_rota | slim_simple_login_manager | * |
| simone_rota | slim_simple_login_manager | 1.3.0 |
| simone_rota | slim_simple_login_manager | 1.2.6 |
| simone_rota | slim_simple_login_manager | 1.1.0 |
| simone_rota | slim_simple_login_manager | 1.0.0 |
| simone_rota | slim_simple_login_manager | 1.2.3 |
| simone_rota | slim_simple_login_manager | 1.2.0 |