1.1.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

jupiter-cms

NVD

Published: 2006-04-29

Updated: 2008-09-05

Summary

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.

Vulnerable Configurations

Part	Description	Count
Application	Jupiter_Cms Jupiter CMS Jupiter CMS 1.1.4 Jupiter CMS Jupiter CMS 1.1.5	2

References

http://downloads.securityfocus.com/vulnerabilities/exploits/jupitercms-lteq1.1.5-local-file-include.txt
http://www.securityfocus.com/bid/17716