What is CVE-2018-17934?

CVE-2018-17934 is a vulnerability in Nuuo Cms, classified under Path Traversal. Published 2018-11-27.

Is CVE-2018-17934 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Nuuo Cms

CVE-2018-17934

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.678 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a Nuuo Cms — versions All versions 3.3 and prior

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert.us-cert.gov/advisories/ICSA-18-284-02 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-17934?: CVE-2018-17934 is a vulnerability in Nuuo Cms, classified under Path Traversal. Published 2018-11-27.
Is CVE-2018-17934 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.