CRITICAL🇵🇱 Wersja polska

CVE-2018-17934

CVSS 9.8v3.0pub. 2018-11-27upd. 2024-11-21

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nuuo Cms

    APP
    Nuuo
    ≤ 3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2018-17936CRITICAL9.8ten sam produkt

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or ov...

CVE-2018-17888CRITICAL9.8ten sam produkt

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow ...

CVE-2018-17890CRITICAL9.8ten sam produkt

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functi...

CVE-2018-17894CRITICAL9.8ten sam produkt

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, ...

CVE-2018-18982HIGH8.8ten sam produkt

NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, w...