Vulnerability Details CVE-2016-9835
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/95005
- https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md
- https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md
- https://github.com/zikula/core/issues/3237
- http://www.securityfocus.com/bid/95005
- https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md
- https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md
- https://github.com/zikula/core/issues/3237
Products affected by CVE-2016-9835
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.0
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.1
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.10
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.2
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.3
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.4
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.5
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.6
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.7
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.8
-
cpe:2.3:a:zikula:zikula_application_framework:1.3.9
-
cpe:2.3:a:zikula:zikula_application_framework:1.4.0
-
cpe:2.3:a:zikula:zikula_application_framework:1.4.1
-
cpe:2.3:a:zikula:zikula_application_framework:1.4.2
-
cpe:2.3:a:zikula:zikula_application_framework:1.4.3