Path Traversal in Vmturbo Operations_manager

CVE-2014-3806

Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.114 (93.7th percentile) — read the EPSS interpretation.

Affected products

Vmturbo Operations_manager — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

106776 (x_refsource_OSVDB, vdb-entry)
20140508 Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier (mailing-list, x_refsource_BUGTRAQ)
33334 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
67292 (vdb-entry, x_refsource_BID)