CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-7190

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.094

EPSS Ranking 92.4%

CVSS Severity

CVSS v2 Score 5.0

References

http://seclists.org/fulldisclosure/2013/Dec/121
https://exchange.xforce.ibmcloud.com/vulnerabilities/89818
http://seclists.org/fulldisclosure/2013/Dec/121
https://exchange.xforce.ibmcloud.com/vulnerabilities/89818

Products affected by CVE-2013-7190

Iscripts » Autohoster » Version: 2.4

cpe:2.3:a:iscripts:autohoster:2.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-7190

Products

Pricing

Contact Us