Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2011-04-18 11:55
Updated : 2017-08-16 18:34
NVD link : CVE-2011-1715
Mitre link : CVE-2011-1715
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
qooxdoo
- qooxdoo
eyeos
- eyeos