Directory Traversal Vulnerability in Chevereto Image Hosting Software
CVE-2012-2919

Currently unrated

Key Information:

Vendor

Chevereto

Status
Vendor
CVE Published:
21 May 2012

What is CVE-2012-2919?

A directory traversal vulnerability exists in Chevereto 1.9.1, specifically in the Upload/engine.php file, allowing remote attackers to exploit the file upload function. By utilizing a crafted request containing '../' in the 'v' parameter, an attacker can bypass security mechanisms to determine the existence of arbitrary files on the server. This potentially exposes sensitive information and could lead to further attacks if the attacker gains access to critical files.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.