Unrated severityNVD Advisory· Published Apr 18, 2011· Updated Apr 29, 2026

CVE-2011-1715

Description

Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.

Affected products

Qooxdoo/Qooxdoo
cpe:2.3:a:qooxdoo:qooxdoo:1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/71719nvdExploit
www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.htmlnvdExploit
www.exploit-db.com/exploits/17127nvdExploit
www.securityfocus.com/bid/47184nvdExploit
secunia.com/advisories/43818nvdVendor Advisory
secunia.com/advisories/43997nvdVendor Advisory
blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/nvd
osvdb.org/71721nvd
exchange.xforce.ibmcloud.com/vulnerabilities/66574nvd
exchange.xforce.ibmcloud.com/vulnerabilities/66575nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000