VYPR
Unrated severityNVD Advisory· Published Nov 26, 2012· Updated Jun 16, 2026

CVE-2012-6038

CVE-2012-6038

Description

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Razorcms/Razorcms17 versions
    cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*range: <=1.2
    • cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.2:rc:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:beta2:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:rc:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:1.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:razorcms:razorcms:1.1:*:*:*:*:*:*:*
    • (no CPE)range: <1.2.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.