PT-2017-12590 · Slims · Slims
Trichimtrichop
·
Published
2017-08-06
·
Updated
2017-08-14
·
CVE-2017-12586
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SLiMS versions 8 Akasia through 8.3.1
Description
The issue is related to an arbitrary file reading problem due to directory traversal in the
url parameter to "admin/help.php". This can be exploited by remote authenticated librarian users.Recommendations
For versions 8 Akasia through 8.3.1, consider restricting access to the "admin/help.php" endpoint until a patch is available. As a temporary workaround, avoid using the
url parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slims