CVE-2017-7258 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Auromeera	Emli	1.0

Related Weaknesses (CWE)

CWE-22

References

http://www.securityfocus.com/bid/97255Third Party AdvisoryVDB Entry
https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.htmlThird Party Advisory
http://www.securityfocus.com/bid/97255Third Party AdvisoryVDB Entry
https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.htmlThird Party Advisory

FAQ

What is CVE-2017-7258?

CVE-2017-7258 is a vulnerability with a CVSS score of 7.5 (HIGH). HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can le...

How severe is CVE-2017-7258?

CVE-2017-7258 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7258?

Check the references section above for vendor advisories and patch information. Affected products include: Auromeera Emli.