Vulnerability Details CVE-2013-5979
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.489
EPSS Ranking 97.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-%28DS-2013-00
- https://bugs.launchpad.net/xibo/+bug/1093967
- http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-%28DS-2013-00
- https://bugs.launchpad.net/xibo/+bug/1093967
Products affected by CVE-2013-5979
-
cpe:2.3:a:springsignage:xibo:1.2.0
-
cpe:2.3:a:springsignage:xibo:1.2.1
-
cpe:2.3:a:springsignage:xibo:1.2.2
-
cpe:2.3:a:springsignage:xibo:1.4.0
-
cpe:2.3:a:springsignage:xibo:1.4.1