1. Home
  2. CVE Database
  3. CVE-2018-1000550
CRITICAL · 9.8

CVE-2018-1000550

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify file...

Vulnerability Description

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SympaSympa< 6.2.32
DebianDebian Linux8.0

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2018-1000550?

CVE-2018-1000550 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify file...

How severe is CVE-2018-1000550?

CVE-2018-1000550 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000550?

Check the references section above for vendor advisories and patch information. Affected products include: Sympa Sympa, Debian Debian Linux.