Vulnerability Description
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Razorcms | Razorcms | <= 1.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/78230
- http://secunia.com/advisories/47461Vendor Advisory
- http://www.exploit-db.com/exploits/18344Exploit
- http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zipPatch
- http://www.securityfocus.com/bid/51344Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72268
- http://osvdb.org/78230
- http://secunia.com/advisories/47461Vendor Advisory
- http://www.exploit-db.com/exploits/18344Exploit
- http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zipPatch
- http://www.securityfocus.com/bid/51344Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72268
FAQ
What is CVE-2012-6038?
CVE-2012-6038 is a vulnerability with a CVSS score of 6.5 (MEDIUM). admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move...
How severe is CVE-2012-6038?
CVE-2012-6038 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6038?
Check the references section above for vendor advisories and patch information. Affected products include: Razorcms Razorcms.