CVE-2011-1715
CVE-2011-1715
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 8.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
06 Apr 2011Public PoC
18 Apr 2011Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/17127unverifiedexploitdbwww.exploit-db.com/exploits/17127unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/http://osvdb.org/71719http://osvdb.org/71721http://secunia.com/advisories/43818http://secunia.com/advisories/43997https://exchange.xforce.ibmcloud.com/vulnerabilities/66574https://exchange.xforce.ibmcloud.com/vulnerabilities/66575http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.htmlhttp://www.exploit-db.com/exploits/17127http://www.securityfocus.com/bid/47184