CVE-2018-16836 Information
Feb 14, 2021
cve
Description
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path as demonstrated by a /theme/default/img/2e2e/..//etc/passwd URI.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms https://www.exploit-db.com/exploits/45385/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: