Path Traversal in Revive-adserver Revive_adserver
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.020 (83.8th percentile) — read the EPSS interpretation.
Affected products
- Revive-adserver Revive_adserver
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- 20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
- 20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_MISC)