← Back

CVE-2012-1839

nvd nist
Published: Mar 22, 2012Modified: Apr 29, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information.

Affected (9)

Ajaxplorer
1 product
Ajaxplorer
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Ajaxplorer
Ajaxplorer
Version 3.2.1
Ajaxplorer
Version 3.2.2
Ajaxplorer
Version 3.2.3
Ajaxplorer
Version 3.2.4
Ajaxplorer
Version 3.2
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Ajaxplorer
Ajaxplorer
Version 4.0.1
Ajaxplorer
Version 4.0.2
Ajaxplorer
Version 4.0.3
Ajaxplorer
Version 4.0

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchUS Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.