Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-5258

EPSS 81.20% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-5258

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
webEdition CMS 目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
webEdition CMS是一套基于LAMP架构的开源网站内容管理系统(CMS)。该系统包含用户权限管理模块、新闻邮件管理模块等。 webEdition CMS 6.3.8.0及之前版本的showTempFile.php脚本存在目录遍历漏洞。远程攻击者可借助‘file’参数中的目录遍历字符‘..’利用该漏洞读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-5258

#POC DescriptionSource LinkShenlong Link
1A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-5258.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-5258

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-11-06 · 30 CVEs total

CVE-2014-8658Atlassian RefinedWiki Original Theme‘versionComment’参数跨站脚本漏洞
CVE-2014-6030Atomic Design ClassApps SelectSurvey.net SQL注入漏洞
CVE-2014-5451Modx Revolution 跨站脚本漏洞
CVE-2014-8670vBulletin 开放重定向漏洞
CVE-2014-8669SAP CRM SAP Promotion Guidelines 代码注入漏洞
CVE-2014-8668SAP Contract Accounting SQL注入漏洞
CVE-2014-8667SAP HANA Web-based Development Workbench 跨站脚本漏洞
CVE-2014-8666SAP Business Intellignece 信息泄露漏洞
CVE-2014-8665SAP Business Intelligence Development Workbench 信息泄露漏洞
CVE-2014-8664SAP Environment, Health, and Safety Management Product Safety组件SQL注入漏洞
CVE-2014-8663SAP NetWeaver Business Warehouse Data Basis模块SQL注入漏洞
CVE-2014-8662SAP Payroll Process 拒绝服务漏洞
CVE-2014-8661SAP CRM Internet Sales模块代码注入漏洞
CVE-2014-8660SAP Document Management Services 代码注入漏洞
CVE-2014-8659SAP Environment, Health, and Safety Management 目录遍历漏洞
CVE-2014-0995SAP NetWeaver 输入验证漏洞
CVE-2014-8657Compal Broadband Networks CH6640E和CG6640E Wireless Gateway 配置错误漏洞
CVE-2014-8656Compal Broadband Networks CH6640E和CG6640E Wireless Gateway 信任管理漏洞
CVE-2014-8655Compal Broadband Networks CH6640E和CG6640E Wireless Gateway 权限许可和访问控制漏洞
CVE-2014-8654Compal Broadband Networks CH6640E和CG6640E Wireless Gateway 跨站请求伪造漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-5258

No comments yet

Leave a comment