CVE-2013-3514
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
14/05/2014
Last modified:
12/04/2025
Description
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:* | 2.8.10 (including) | |
| cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page