HTTP: Parameter Directory Traversal

This signature detects directory traversal attempts within HTTP GET or POST form parameters. Attackers can exploit a poorly written CGI program to access or modify private files.

Extended Description

MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information. MidiCMS Website Builder 2011 is vulnerable; other versions may also be affected.

Affected Products

Midicms_software midicms_website_builder

References

BugTraq:

52532

101789

39114

44852

68544

68361

69494

58385

9971

20160204

74792

74395

47970

68632

9966

71404

101527

66973

68540

CVE: CVE-2021-37343

URL:

http://seclists.org/fulldisclosure/2014/Sep/110

http://seclists.org/fulldisclosure/2015/Jun/8

https://github.com/rapid7/metasploit-framework/pull/6038

http://tucanalamigo.blogspot.com/2010/04/pdc-de-zdi-10-078.html

http://www.novell.com/support/kb/doc.php?id=7005573

http://seclists.org/fulldisclosure/2014/Aug/88

http://karmainsecurity.com/KIS-2016-07

http://www.sugarcrm.com/security/sugarcrm-sa-2016-001

http://www.sugarcrm.com/security/sugarcrm-sa-2016-008

https://bugs.php.net/bug.php?id=72663

http://secunia.com/advisories/50832

https://www.phpmyadmin.net/security/pmasa-2018-4/

https://medium.com/@happyholic1203/phpmyadmin-4-8-0-4-8-1-remote-code-execution-257bcc146f8e

http://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html

http://www.novell.com/support/viewcontent.do?externalid=7005573

http://blog.harmonysecurity.com/2010/04/novell-zenworks-uploadservlet-remote.html

Short Name
HTTP:DIR:PARAMETER-TRAVERSE
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-1999-0229 CVE-1999-077 CVE-1999-1462 CVE-2000-0443 CVE-2000-0924 CVE-2001-0211 CVE-2004-1856 CVE-2004-1859 CVE-2009-5088 CVE-2009-5089 CVE-2009-5093 CVE-2010-0799 CVE-2010-1062 CVE-2010-1537 CVE-2010-2654 CVE-2010-2655 CVE-2010-3480 CVE-2010-3481 CVE-2010-4229 CVE-2010-4281 CVE-2010-4335 CVE-2010-4406 CVE-2010-4598 CVE-2010-5323 CVE-2011-0405 CVE-2011-1099 CVE-2011-4431 CVE-2011-4807 CVE-2012-0410 CVE-2012-0981 CVE-2012-1669 CVE-2012-1671 CVE-2012-4915 CVE-2012-5206 CVE-2012-5208 CVE-2012-5331 CVE-2013-1081 CVE-2013-1082 CVE-2013-2097 CVE-2013-3240 CVE-2013-3803 CVE-2013-4823 CVE-2013-5486 CVE-2013-6720 CVE-2013-6771 CVE-2013-6810 CVE-2013-7091 CVE-2014-10010 CVE-2014-10037 CVE-2014-2210 CVE-2014-2314 CVE-2014-2586 CVE-2014-2614 CVE-2014-2618 CVE-2014-2619 CVE-2014-2620 CVE-2014-3914 CVE-2014-5005 CVE-2014-5302 CVE-2014-5445 CVE-2014-5446 CVE-2014-6034 CVE-2014-6035 CVE-2014-6036 CVE-2014-7863 CVE-2014-7866 CVE-2014-9404 CVE-2015-1376 CVE-2015-1487 CVE-2015-2295 CVE-2015-2995 CVE-2015-2996 CVE-2015-2997 CVE-2015-3301 CVE-2015-3897 CVE-2015-4031 CVE-2015-4032 CVE-2015-4068 CVE-2015-6459 CVE-2016-0476 CVE-2016-0477 CVE-2016-0478 CVE-2016-0480 CVE-2016-0481 CVE-2016-0482 CVE-2016-0484 CVE-2016-0485 CVE-2016-0486 CVE-2016-0489 CVE-2016-0490 CVE-2016-0855 CVE-2016-1525 CVE-2016-1605 CVE-2016-3109 CVE-2016-5803 CVE-2016-6600 CVE-2016-6601 CVE-2016-6896 CVE-2016-8207 CVE-2016-8525 CVE-2016-8530 CVE-2017-11512 CVE-2017-12263 CVE-2017-12285 CVE-2017-5795 CVE-2017-6527 CVE-2017-6621 CVE-2017-6637 CVE-2017-7974 CVE-2018-0258 CVE-2018-12613 CVE-2018-15535 CVE-2018-15705 CVE-2018-16283 CVE-2018-17533 CVE-2018-7503 CVE-2019-10267 CVE-2020-18440 CVE-2020-8604 CVE-2020-8606 CVE-2021-37343 Directory Parameter Traversal bid:101527 bid:101789 bid:20160204 bid:39114 bid:44852 bid:47970 bid:52532 bid:58385 bid:66973 bid:68361 bid:68540 bid:68544 bid:68632 bid:69494 bid:71404 bid:74395 bid:74792 bid:9966 bid:9971
Release Date
08/12/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Occasionally
Vendors

Midicms_software

CVSS Score

7.5

6.5

7.8

4.0

5.0

6.4

8.5

9.0

10.0

6.8

7.1

9.4

9.3

5.5

5.8

3.5

4.3
