CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-14957

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://cxsecurity.com/issue/WLB-2018090248
https://cxsecurity.com/issue/WLB-2018090248

Products affected by CVE-2018-14957

Isweb » Isweb » Version: 3.5.3

cpe:2.3:a:isweb:isweb:3.5.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14957

Products

Pricing

Contact Us