Unrated severityNVD Advisory· Published Oct 7, 2010· Updated Jun 16, 2026
CVE-2010-3692
CVE-2010-3692
Description
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:apereo:phpcas:*:*:*:*:*:*:*:*range: <=1.1.2
- cpe:2.3:a:apereo:phpcas:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apereo:phpcas:1.1.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
20- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.htmlnvd
- secunia.com/advisories/41878nvd
- secunia.com/advisories/42149nvd
- secunia.com/advisories/42184nvd
- secunia.com/advisories/43427nvd
- www.debian.org/security/2011/dsa-2172nvd
- www.openwall.com/lists/oss-security/2010/09/29/6nvd
- www.openwall.com/lists/oss-security/2010/10/01/2nvd
- www.openwall.com/lists/oss-security/2010/10/01/5nvd
- www.securityfocus.com/bid/43585nvd
- www.vupen.com/english/advisories/2010/2705nvd
- www.vupen.com/english/advisories/2010/2909nvd
- www.vupen.com/english/advisories/2011/0456nvd
- developer.jasig.org/source/changelog/jasigsvnnvd
- forge.indepnet.net/projects/glpi/repository/revisions/12601nvd
- issues.jasig.org/browse/PHPCAS-80nvd
News mentions
0No linked articles in our index yet.