CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16836

Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.868

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2018-16836

Rubedo Project » Rubedo » Version: 0.9.1

cpe:2.3:a:rubedo_project:rubedo:0.9.1
Rubedo Project » Rubedo » Version: 1.0.0

cpe:2.3:a:rubedo_project:rubedo:1.0.0
Rubedo Project » Rubedo » Version: 1.1.0

cpe:2.3:a:rubedo_project:rubedo:1.1.0
Rubedo Project » Rubedo » Version: 1.2.0

cpe:2.3:a:rubedo_project:rubedo:1.2.0
Rubedo Project » Rubedo » Version: 1.2.1

cpe:2.3:a:rubedo_project:rubedo:1.2.1
Rubedo Project » Rubedo » Version: 1.2.2

cpe:2.3:a:rubedo_project:rubedo:1.2.2
Rubedo Project » Rubedo » Version: 1.3

cpe:2.3:a:rubedo_project:rubedo:1.3
Rubedo Project » Rubedo » Version: 1.3.0

cpe:2.3:a:rubedo_project:rubedo:1.3.0
Rubedo Project » Rubedo » Version: 1.4.0

cpe:2.3:a:rubedo_project:rubedo:1.4.0
Rubedo Project » Rubedo » Version: 1.4.1

cpe:2.3:a:rubedo_project:rubedo:1.4.1
Rubedo Project » Rubedo » Version: 1.4.2

cpe:2.3:a:rubedo_project:rubedo:1.4.2
Rubedo Project » Rubedo » Version: 1.4.3

cpe:2.3:a:rubedo_project:rubedo:1.4.3
Rubedo Project » Rubedo » Version: 2.0

cpe:2.3:a:rubedo_project:rubedo:2.0
Rubedo Project » Rubedo » Version: 2.0.0

cpe:2.3:a:rubedo_project:rubedo:2.0.0
Rubedo Project » Rubedo » Version: 2.1.0

cpe:2.3:a:rubedo_project:rubedo:2.1.0
Rubedo Project » Rubedo » Version: 2.2.0

cpe:2.3:a:rubedo_project:rubedo:2.2.0
Rubedo Project » Rubedo » Version: 3.0.0

cpe:2.3:a:rubedo_project:rubedo:3.0.0
Rubedo Project » Rubedo » Version: 3.1.0

cpe:2.3:a:rubedo_project:rubedo:3.1.0
Rubedo Project » Rubedo » Version: 3.2.0

cpe:2.3:a:rubedo_project:rubedo:3.2.0
Rubedo Project » Rubedo » Version: 3.3.0

cpe:2.3:a:rubedo_project:rubedo:3.3.0
Rubedo Project » Rubedo » Version: 3.3.1

cpe:2.3:a:rubedo_project:rubedo:3.3.1
Rubedo Project » Rubedo » Version: 3.4.0

cpe:2.3:a:rubedo_project:rubedo:3.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16836

Products

Pricing

Contact Us