← back
CVE-2011-1715

CVE-2011-1715

EPSS 8.9%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 8.9%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
06 Apr 2011Public PoC
18 Apr 2011Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.