Unrated severityNVD Advisory· Published Feb 2, 2014· Updated Apr 29, 2026
CVE-2013-7300
CVE-2013-7300
Description
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.
Affected products
20cpe:2.3:a:craig_drummond:cantata:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:craig_drummond:cantata:*:*:*:*:*:*:*:*range: <=1.2.1
- cpe:2.3:a:craig_drummond:cantata:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.2.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.