CVE-2014-1923 - OpenCVE

Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Koha	Koha

Configuration 1 [-]

OR	cpe:2.3:a:koha:koha::::::::
	cpe:2.3:a:koha:koha::::::::
	cpe:2.3:a:koha:koha::::::::
	cpe:2.3:a:koha:koha::::::::

No data.

References

Link	Providers
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662
http://koha-community.org/security-release-february-2014/
http://www.openwall.com/lists/oss-security/2014/02/07/10
http://www.openwall.com/lists/oss-security/2014/02/10/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-24T16:42:42

Updated: 2024-08-06T09:58:15.695Z

Reserved: 2014-02-09T00:00:00

Link: CVE-2014-1923

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-24T17:15:12.250

Modified: 2020-01-30T20:57:37.487

Link: CVE-2014-1923

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-24T16:42:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://koha-community.org/security-release-february-2014/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://koha-community.org/security-release-february-2014/", "refsource": "MISC", "url": "http://koha-community.org/security-release-february-2014/"}, {"name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"}, {"name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"}, {"name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", "refsource": "MISC", "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"}, {"name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", "refsource": "MISC", "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.695Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://koha-community.org/security-release-february-2014/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1923", "datePublished": "2020-01-24T16:42:42", "dateReserved": "2014-02-09T00:00:00", "dateUpdated": "2024-08-06T09:58:15.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "matchCriteriaId": "217F4C5D-055C-43AA-983A-51CF9408B213", "versionEndExcluding": "3.08.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D66E4EE-C4FC-411F-957B-F21A618EBC7E", "versionEndExcluding": "3.10.13", "versionStartIncluding": "3.10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "matchCriteriaId": "173A2792-F4A9-4378-9CA7-6FAE08D75492", "versionEndExcluding": "3.12.10", "versionStartIncluding": "3.12.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DE8FEB3-A97F-4F8C-A5FC-4B70E6E08859", "versionEndExcluding": "3.14.03", "versionStartIncluding": "3.14.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de Salto de Directorio en el (1) editor de ayuda de la interfaz del personal (archivo edithelp.pl) o (2) el archivo member-picupload.pl en Koha versiones anteriores a 3.8.23, versiones 3.10.x anteriores a 3.10.13, versiones 3.12.x anteriores a 3.12.10, y versiones 3.14.x anteriores a 3.14.3, permiten a atacantes remotos escribir en archivos arbitrarios por medio de vectores no especificados."}], "id": "CVE-2014-1923", "lastModified": "2020-01-30T20:57:37.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-24T17:15:12.250", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://koha-community.org/security-release-february-2014/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}