CVE-2012-6038

Published: Nov 26, 2012Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

Affected (16)

Products: Razorcms: Razorcms

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Razorcms Razorcms	Up to 1.2
Razorcms Razorcms	Version 0.2
Razorcms Razorcms	Version 0.2 rc2
Razorcms Razorcms	Version 0.2 rc
Razorcms Razorcms	Version 0.3
Razorcms Razorcms	Version 0.3 beta1
Razorcms Razorcms	Version 0.3 beta2
Razorcms Razorcms	Version 0.3 beta
Razorcms Razorcms	Version 0.3 rc2
Razorcms Razorcms	Version 0.3 rc
Razorcms Razorcms	Version 0.4
Razorcms Razorcms	Version 1.0
Razorcms Razorcms	Version 1.0 beta2
Razorcms Razorcms	Version 1.0 beta
Razorcms Razorcms	Version 1.0 rc
Razorcms Razorcms	Version 1.1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

http://osvdb.org/78230

Source: cve@mitre.org

http://secunia.com/advisories/47461

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/18344

Source: cve@mitre.org

Exploit

http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/51344

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/72268

Source: cve@mitre.org

http://osvdb.org/78230

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47461

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/18344

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/51344

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/72268

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.