Vulnerability Description
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webidsupport | Webid | <= 1.2.2 |
Related Weaknesses (CWE)
References
- http://bugs.webidsupport.com/view.php?id=646Issue TrackingRelease NotesVendor Advisory
- https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7fPatch
- https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_VulnExploitThird Party Advisory
- http://bugs.webidsupport.com/view.php?id=646Issue TrackingRelease NotesVendor Advisory
- https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7fPatch
- https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_VulnExploitThird Party Advisory
FAQ
What is CVE-2018-1000882?
CVE-2018-1000882 is a vulnerability with a CVSS score of 7.5 (HIGH). WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET R...
How severe is CVE-2018-1000882?
CVE-2018-1000882 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000882?
Check the references section above for vendor advisories and patch information. Affected products include: Webidsupport Webid.