Unrated severityNVD Advisory· Published Sep 29, 2010· Updated Apr 29, 2026

CVE-2010-3468

Description

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.

Affected products

Blueriver/Sava CMS3 versions
cpe:2.3:a:blueriver:sava_cms:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:blueriver:sava_cms:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:blueriver:sava_cms:5.0.122:*:*:*:*:*:*:*
- cpe:2.3:a:blueriver:sava_cms:5.2:*:*:*:*:*:*:*
Blueriver/Muracms2 versions
cpe:2.3:a:blueriver:mura_cms:5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:blueriver:mura_cms:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:blueriver:mura_cms:5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.getmura.com/index.cfm/blog/critical-security-patch/nvdPatchVendor Advisory
www.exploit-db.com/exploits/15120nvdExploit
www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0nvdExploit
secunia.com/advisories/41591nvdVendor Advisory
www.securityfocus.com/bid/43499nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000