ID

VAR-201012-0075


CVE

CVE-2010-4613


TITLE

Hycus CMS vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-003551

DESCRIPTION

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php. Hycus CMS contains a directory traversal vulnerability. A third party may include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php. Hycus CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. Exploiting these issues can allow an attacker to view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Hycus CMS 1.0.3 is vulnerable; other versions may also be affected.

Trust: 1.89

sources: NVD: CVE-2010-4613 // JVNDB: JVNDB-2010-003551 // BID: 45527

AFFECTED PRODUCTS

vendor: hycus, model: cms, scope: eq, version: 1.0.3

Trust: 1.9

vendor: hycus cms, model: hycus cms, scope: eq, version: 1.0.3

Trust: 0.8

sources: BID: 45527 // JVNDB: JVNDB-2010-003551 // CNNVD: CNNVD-201012-333 // NVD: CVE-2010-4613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4613
value: HIGH

Trust: 1.0

NVD: CVE-2010-4613
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201012-333
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2010-4613
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-003551 // CNNVD: CNNVD-201012-333 // NVD: CVE-2010-4613

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2010-003551 // NVD: CVE-2010-4613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201012-333

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201012-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003551

PATCH

title: Top Page, url: http://blog.hycus.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003551

EXTERNAL IDS

db: NVD, id: CVE-2010-4613

Trust: 2.7

db: BID, id: 45527

Trust: 1.9

db: EXPLOIT-DB, id: 15797

Trust: 1.6

db: JVNDB, id: JVNDB-2010-003551

Trust: 0.8

db: CNNVD, id: CNNVD-201012-333

Trust: 0.6

sources: BID: 45527 // JVNDB: JVNDB-2010-003551 // CNNVD: CNNVD-201012-333 // NVD: CVE-2010-4613

REFERENCES

url:http://www.htbridge.ch/advisory/lfi_in_hycus_cms.html

Trust: 1.9

url:http://www.securityfocus.com/bid/45527

Trust: 1.6

url:http://www.exploit-db.com/exploits/15797

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4613

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4613

Trust: 0.8

url:http://www.hycus.com/

Trust: 0.3

sources: BID: 45527 // JVNDB: JVNDB-2010-003551 // CNNVD: CNNVD-201012-333 // NVD: CVE-2010-4613

CREDITS

High-Tech Bridge SA

Trust: 0.9

sources: BID: 45527 // CNNVD: CNNVD-201012-333

SOURCES

db: BID, id: 45527
db: JVNDB, id: JVNDB-2010-003551
db: CNNVD, id: CNNVD-201012-333
db: NVD, id: CVE-2010-4613

LAST UPDATE DATE

2025-04-11T22:54:08.863000+00:00


SOURCES UPDATE DATE

db: BID, id: 45527, date: 2015-04-13T21:02:00
db: JVNDB, id: JVNDB-2010-003551, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201012-333, date: 2010-12-30T00:00:00
db: NVD, id: CVE-2010-4613, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: BID, id: 45527, date: 2010-12-21T00:00:00
db: JVNDB, id: JVNDB-2010-003551, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201012-333, date: 2010-12-30T00:00:00
db: NVD, id: CVE-2010-4613, date: 2010-12-29T22:33:32.307