CVE-2012-5192

Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.

Published: Jan 28, 2014
Updated: Apr 13, 2023
CVE: CVE-2012-5192
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
bitweaver / bitweaver	2.5	2.5.x
bitweaver / bitweaver	1.3	1.3.x
bitweaver / bitweaver	2.0.2	2.0.2.x
bitweaver / bitweaver	2.0.0	2.0.0.x
bitweaver / bitweaver	1.2.1	1.2.1.x
bitweaver / bitweaver	-	2.8.1.x
bitweaver / bitweaver	2.7	2.7.x
bitweaver / bitweaver	2.6	2.6.x
bitweaver / bitweaver	1.1	1.1.x
bitweaver / bitweaver	1.3.1	1.3.1.x
bitweaver / bitweaver	1.1.1_beta	1.1.1_beta.x

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-016.txt

Vulnerability Database

291,049

CVE-2012-5192