Directory Traversal Vulnerability in PluXml by the PluXml Development Team
CVE-2012-2227

Currently unrated

Key Information:

Vendor

Pluxml

Status
Pluxml
Vendor
CVE Published:
26 August 2012

What is CVE-2012-2227?

A directory traversal vulnerability exists in PluXml versions prior to 5.1.6. This issue allows remote unauthenticated attackers to exploit the application through the update/index.php file, enabling them to include and potentially execute arbitrary files on the server. By manipulating the default_lang parameter with encoded dot dot slashes ('..%2F'), attackers can traverse directories and gain access to sensitive files that should be restricted. The exploit poses significant risks to the security and integrity of the affected application and its data.

References

http://www.securityfocus.com/bid/53348
vdb-entryx_refsource_BID
https://www.htbridge.com/advisory/HTB23086
x_refsource_MISC
http://www.exploit-db.com/exploits/18828
exploitx_refsource_EXPLOIT-DB

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2012-2227 : Directory Traversal Vulnerability in PluXml by the PluXml Development Team