CVE-2011-3837 - OpenCVE

Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wuzly	Wuzly

Configuration 1 [-]

cpe:2.3:a:wuzly:wuzly:2.0:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/77912
http://secunia.com/advisories/46163
http://secunia.com/secunia_research/2011-87/	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71903

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: flexera

Published: 2011-12-24T19:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2011-09-26T00:00:00

Link: CVE-2011-3837

JSON object: View

NVD Information

Status : Modified

Published: 2011-12-24T19:55:03.897

Modified: 2017-08-29T01:30:19.350

Link: CVE-2011-3837

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "wuzly-index-file-include(71903)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71903"}, {"name": "46163", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46163"}, {"name": "77912", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77912"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2011-87/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2011-3837", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "wuzly-index-file-include(71903)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71903"}, {"name": "46163", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46163"}, {"name": "77912", "refsource": "OSVDB", "url": "http://osvdb.org/77912"}, {"name": "http://secunia.com/secunia_research/2011-87/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2011-87/"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2011-3837", "datePublished": "2011-12-24T19:00:00", "dateReserved": "2011-09-26T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}