What is CVE-2012-4031?

CVE-2012-4031 is a vulnerability in Wangkongbao Cns-1000, classified under Path Traversal. Published 2012-07-17.

Is CVE-2012-4031 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Wangkongbao Cns-1000

CVE-2012-4031

Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.721 (98.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

wangkongbao-acloglogin-directory-traversal(76682) (vdb-entry, x_refsource_XF)
83636 (x_refsource_OSVDB, vdb-entry)
19526 (Exploit, exploit, x_refsource_EXPLOIT-DB)
54267 (Exploit, vdb-entry, x_refsource_BID)
49776 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2012-4031?: CVE-2012-4031 is a vulnerability in Wangkongbao Cns-1000, classified under Path Traversal. Published 2012-07-17.
Is CVE-2012-4031 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.