Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
References
Configurations
History
10 Dec 2021, 16:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:plex:media_server:*:*:*:*:*:*:*:* |
Information
Published : 2014-12-02 16:59
Updated : 2024-02-04 18:35
NVD link : CVE-2014-9181
Mitre link : CVE-2014-9181
CVE.ORG link : CVE-2014-9181
JSON object : View
Products Affected
plex
- media_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')