Vulnerability Description
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Montala | ResourceSpace | <= 7.1.6513 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-InExploit
- http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=66
- http://www.securityfocus.com/archive/1/535669/100/0/threaded
- http://www.securityfocus.com/bid/75019
- https://www.htbridge.com/advisory/HTB23258Exploit
FAQ
What is CVE-2015-3648?
CVE-2015-3648 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the def...
How severe is CVE-2015-3648?
CVE-2015-3648 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3648?
Check the references section above for vendor advisories and patch information. Affected products include: Montala ResourceSpace.