Path Traversal Vulnerability in Sitecore CRM by Sitecore
CVE-2017-5966

4.9 MEDIUM

Key Information:

Vendor

Sitecore

Status
Vendor
CVE Published:
23 May 2017

What is CVE-2017-5966?

CVE-2017-5966 is a path traversal flaw in Sitecore CRM 8.1 Rev 151207 that remote authenticated administrators can exploit. By manipulating the file parameter of the sitecore/shell/download.aspx endpoint, an attacker can read arbitrary files on the server, which allows unauthorized file access and can lead to sensitive data exposure. The issue highlights the need for proper input validation and enhanced security measures.
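A detection sketch for the request pattern described above, added here as an example and not taken from Sitecore or the CVE record. It scans IIS W3C-style log lines for requests to sitecore/shell/download.aspx whose file parameter, once decoded, contains a parent-directory step or an absolute path; the log field order, the sample lines and the helper names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/sitecore/shell/download.aspx"  # endpoint named in the advisory

# Constructed sample lines. Assumed field order:
# date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
SAMPLE_LOG = """\
2017-05-23 10:01:12 GET /sitecore/shell/download.aspx file=report.pdf admin 10.0.0.5 200
2017-05-23 10:02:40 GET /sitecore/shell/download.aspx file=..%2F..%2Fexample.txt admin 10.0.0.9 200
2017-05-23 10:03:02 GET /sitecore/shell/download.aspx file=%252e%252e%255cdir%255cexample.txt admin 10.0.0.9 200
2017-05-23 10:03:30 GET /sitecore/shell/download.aspx file=C%3A%5Cdir%5Cexample.txt admin 10.0.0.9 404
2017-05-23 10:04:00 GET /default.aspx file=..%2Fexample.txt - 10.0.0.7 200
"""

def normalize(value, rounds=3):
    """Undo nested percent-encoding (bounded) and unify path separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_suspicious(path):
    """Heuristic (assumption): '..' segment, rooted path, or drive letter."""
    return (".." in path.split("/")
            or path.startswith("/")
            or re.match(r"^[A-Za-z]:", path) is not None)

def scan(log_text):
    """Return one record per flagged request to the download endpoint."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0].startswith("#"):
            continue  # blank line, W3C header line, or truncated entry
        date, time, _method, stem, query, user, ip, status = fields[:8]
        if stem.lower() != ENDPOINT:
            continue
        # parse_qs decodes once; normalize() handles double encoding.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        for raw in params.get("file", []):
            path = normalize(raw)
            if is_suspicious(path):
                hits.append({"time": f"{date} {time}", "user": user,
                             "ip": ip, "status": status, "file": path})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the flaw requires an administrator account, the user and source address on each hit are the fields to correlate with authentication logs.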

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
