CVE-2015-5313

LOW Year: 2015
CVSS v3 Score
2.5
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-22
View all →

Vulnerability Description

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Related Vulnerabilities

CVE-2016-1212

LOW
CVSS:2.7(Low)

Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-3972

LOW
CVSS:2.7(Low)

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

CWE-222016

CVE-2018-16237

LOW
CVSS:2.7(Low)

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CWE-222018

CVE-2019-9889

LOW
CVSS:2.7(Low)

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with...

CWE-222019

CVE-2020-10457

LOW
CVSS:2.7(Low)

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST ...

CWE-222020

CVE-2020-10459

LOW
CVSS:2.7(Low)

Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that ...

CWE-222020