CVE-2012-1839

Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.

Published: Mar 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1839
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ajaxplorer / ajaxplorer	3.2.3	3.2.3.x
ajaxplorer / ajaxplorer	3.2.1	3.2.1.x
ajaxplorer / ajaxplorer	3.2.2	3.2.2.x
ajaxplorer / ajaxplorer	3.2	3.2.x
ajaxplorer / ajaxplorer	3.2.4	3.2.4.x
ajaxplorer / ajaxplorer	4.0.3	4.0.3.x
ajaxplorer / ajaxplorer	4.0	4.0.x
ajaxplorer / ajaxplorer	4.0.2	4.0.2.x
ajaxplorer / ajaxplorer	4.0.1	4.0.1.x

Vulnerability Database

CVE-2012-1839