Back to search
CVE-2014-2846
Published: Apr 28, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
mailing-list
x_refsource_FULLDISC
20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
mailing-list
x_refsource_BUGTRAQ
http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now