CVE-2018-1000882

Published: Dec 20, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.

Affected (1)

Products: Webidsupport: Webid

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webidsupport Webid	Up to 1.2.2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

http://bugs.webidsupport.com/view.php?id=646

Source: cve@mitre.org

Issue TrackingRelease NotesVendor Advisory

https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f

Source: cve@mitre.org

Patch

https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt

Source: cve@mitre.org

ExploitThird Party Advisory

http://bugs.webidsupport.com/view.php?id=646

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesVendor Advisory

https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.