CVE-2013-5692

Published Sep 30, 2013

Last updated a month ago

CVSS info 8.5

Overview

Description: Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAD0FC2A-1253-4C27-9A45-7C797EC52BA6",
            "versionEndIncluding": "3.4.1"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1F10229-1516-4ED2-8E65-C1A000F8EEEA"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E5EF6CD-930D-48D6-AE6C-8F1433B3D021"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31A7F920-44DB-400D-B84D-6A64AFE70BD6"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "596DDF4A-B22C-413A-B41F-1183046DD831"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9771CF2-8C08-4147-9E44-64A590EBCEAA"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F2BDA4B-C347-4C49-B940-149841454359"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAB347DC-9333-4ECB-ABB9-EC7E59AA7E31"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A92D478-5E59-4C92-BD99-98D1FC1A4B04"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B05231F-5C57-4105-A69F-25F51DFCD58C"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F86330-C908-429F-A522-D97C1B3981B4"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B599DA8D-4569-486C-A8E2-E08C42B2E5F7"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F070F679-FC7F-422E-944A-14EF7D378076"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "208B7059-7833-4C31-A0DF-2DC56F89AE9D"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81BD755D-8EA9-4317-87FA-24C625D00C1D"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "819478F6-FA43-42AA-AB06-A15CD6DBB133"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "079D2C90-5703-4D49-B390-3057C7FF8199"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2705E4E2-B68F-4832-A38B-A36E35A489C1"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6F25400-6F39-4A1F-8236-3315D750C3A2"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:2.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00B5664F-0F36-4A6A-95D0-129FD48C22A6"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A26C792C-5ADC-4198-9CAF-A0A646762BF3"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "950D1064-0A35-43DC-9689-8271569443F3"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15FB2970-1E63-45FF-9F31-3B160FE7A666"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8225BA6B-1BE9-4DA6-9096-6130C5CBC95E"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8B55831-A7D4-4CC3-804F-B567E0BFA57F"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DE9DBF9-1EAF-4244-BD9B-CC6006D508F9"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B44587FD-04E4-46FB-9FD4-C220416C7651"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12AF094B-C661-4607-B7F8-7BA47CC33530"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F911992-7092-4ABF-ADA3-B88E248D9FA1"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6347DD-E19B-406A-A120-38AF358C9B24"
          },
          {
            "criteria": "cpe:2.3:a:x2engine:x2crm:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BACA9AEE-DDE1-4DF2-8ABC-EBC0D6793570"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References