CVE-2001-1138 : Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers t

Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.

Published 2001-09-07 04:00:00

Updated 2017-12-19 02:29:35

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversalExecute code

Exploit prediction scoring system (EPSS) score for CVE-2001-1138

Probability of exploitation activity in the next 30 days: 1.77%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2001-1138

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2001-1138

https://exchange.xforce.ibmcloud.com/vulnerabilities/7092
http://www.securityfocus.com/archive/1/212679

Vendor Advisory
http://www.securityfocus.com/bid/3304

Exploit;Vendor Advisory

Products affected by CVE-2001-1138

Randy Parker » Power Up Html » Version: 0.8033 Beta
cpe:2.3:a:randy_parker:power_up_html:0.8033_beta:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2001-1138

Exploit prediction scoring system (EPSS) score for CVE-2001-1138

CVSS scores for CVE-2001-1138

References for CVE-2001-1138

Products affected by CVE-2001-1138