Unrated severityNVD Advisory· Published Jun 9, 2015· Updated Jun 17, 2026
CVE-2015-3648
CVE-2015-3648
Description
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
Affected products
2cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*range: <=7.1.6513
- (no CPE)range: <7.2.6727
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.