Unrated severityNVD Advisory· Published Oct 7, 2010· Updated Apr 29, 2026
CVE-2010-3692
CVE-2010-3692
Description
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Affected products
30cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*range: <=1.1.2
- cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.htmlnvd
- secunia.com/advisories/41878nvd
- secunia.com/advisories/42149nvd
- secunia.com/advisories/42184nvd
- secunia.com/advisories/43427nvd
- www.debian.org/security/2011/dsa-2172nvd
- www.openwall.com/lists/oss-security/2010/09/29/6nvd
- www.openwall.com/lists/oss-security/2010/10/01/2nvd
- www.openwall.com/lists/oss-security/2010/10/01/5nvd
- www.securityfocus.com/bid/43585nvd
- www.vupen.com/english/advisories/2010/2705nvd
- www.vupen.com/english/advisories/2010/2909nvd
- www.vupen.com/english/advisories/2011/0456nvd
- developer.jasig.org/source/changelog/jasigsvnnvd
- forge.indepnet.net/projects/glpi/repository/revisions/12601nvd
- issues.jasig.org/browse/PHPCAS-80nvd
News mentions
0No linked articles in our index yet.