CVE-2011-5136

{"id": "CVE-2011-5136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-30T22:55:04.577", "references": [{"url": "http://osvdb.org/77505", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2011/Dec/125", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47072", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71630", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/77505", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2011/Dec/125", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47072", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71630", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter."}, {"lang": "es", "value": "showImg.php en EPractize Labs Subscription Manager, posiblemente v1.0, permite a atacantes remotos sobreescribir ficheros arbitrarios a trav\u00e9s del par\u00e1metro db."}], "lastModified": "2024-11-21T01:33:43.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:epractizelabs:subscription_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AFC52D7-BB44-4C7E-B7A8-BF4E3DFF5191"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The PHP is used for tracking open email report in Email Marketing Software Express. It will not be called in any of your free subscription manager PHPs. \n\nWe removed showImg.php from the latest version. You can verify at http://www.epractizelabs.com/email-marketing/subscription-manager.html (click download, extract and verify the contents).\n\n", "lastModified": "2012-11-29T00:00:00", "organization": "EPractize Labs Software"}], "sourceIdentifier": "cve@mitre.org"}