Unrated severityOSV Advisory· Published Sep 11, 2018· Updated Aug 5, 2024

CVE-2018-16836

Description

Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Webtales/RubedoOSV2 versions
2.0.0, 2.0alpha1, 2.1.0beta, …+ 1 more
- (no CPE)range: 2.0.0, 2.0alpha1, 2.1.0beta, …
- (no CPE)range: <=3.4.0

Patches

Vulnerability mechanics

References

www.exploit-db.com/exploits/45385/mitreexploitx_refsource_EXPLOIT-DB
github.com/maroueneboubakri/CVE/tree/master/rubedo-cmsmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.049
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000