Vulnerability Database

290,273

Total vulnerabilities in the database

CVE-2013-5979

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.

  • Published: Oct 3, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-5979
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
springsignage / xibo 1.2.0-rc2 1.2.0-rc2.x
springsignage / xibo 1.4.1 1.4.1.x
springsignage / xibo 1.2.1 1.2.1.x
springsignage / xibo 1.2.2 1.2.2.x
springsignage / xibo 1.4.0 1.4.0.x
springsignage / xibo 1.2.0 1.2.0.x
springsignage / xibo 1.2.0-rc1 1.2.0-rc1.x
springsignage / xibo 1.4.0-rc1 1.4.0-rc1.x