Back to search
CVE-2008-1606
Published: Apr 1, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
28352
vdb-entry
x_refsource_BID
http://weblog.nomejortu.com/?p=37
x_refsource_MISC
elasticpath-multiple-directory-traversal(41356)
vdb-entry
x_refsource_XF
elasticpath-pathdir-directory-traversal(41364)
vdb-entry
x_refsource_XF
29496
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now