CVE-2018-12909

{"id": "CVE-2018-12909", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-27T16:29:00.300", "references": [{"url": "https://github.com/jokkedk/webgrind/issues/112", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a \"publicly accessible environment."}, {"lang": "es", "value": "** EN DISPUTA ** Webgrind 1.5 depende de las entradas de usuario para mostrar un archivo, lo que deja que cualquiera pueda ver archivos desde el sistema de archivos local (al que tiene acceso el usuario del servidor web) mediante un URI index.php?op=fileviewerfile= URI. NOTA: el fabricante indica que el producto no est\u00e1 pensado para un \"entorno accesible p\u00fablicamente\"."}], "lastModified": "2024-04-11T01:00:24.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFEBB4F6-513E-468B-A981-979BA4FDBA8D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}