WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
References
Link | Resource |
---|---|
http://bugs.webidsupport.com/view.php?id=646 | Issue Tracking Release Notes Vendor Advisory |
https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch |
https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:59
Updated: 2022-10-03T16:21:59
Reserved: 2018-12-03T00:00:00
Link: CVE-2018-1000882
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-20T17:29:01.410
Modified: 2019-01-07T20:53:56.267
Link: CVE-2018-1000882
JSON object: View
Redhat Information
No data.
CWE