CVE-2016-9835 - Vulnerability Details

Vendors	Products
Zikula	Zikula Application Framework

Link	Providers
http://www.securityfocus.com/bid/95005
https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md
https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md
https://github.com/zikula/core/issues/3237

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-26T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zikula/core/issues/3237"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"}, {"name": "95005", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95005"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/zikula/core/issues/3237", "refsource": "CONFIRM", "url": "https://github.com/zikula/core/issues/3237"}, {"name": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md", "refsource": "CONFIRM", "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"}, {"name": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md", "refsource": "CONFIRM", "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"}, {"name": "95005", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95005"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:59:03.531Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zikula/core/issues/3237"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"}, {"name": "95005", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95005"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9835", "datePublished": "2016-12-05T08:09:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-08-06T02:59:03.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-12-05T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-26T00:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/zikula/core/issues/3237 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

}

3 : { »

name : 95005 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/95005 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2016-9835 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/zikula/core/issues/3237 (string)

refsource : CONFIRM (string)

url : https://github.com/zikula/core/issues/3237 (string)

}

1 : { »

name : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

refsource : CONFIRM (string)

url : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

}

2 : { »

name : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

refsource : CONFIRM (string)

url : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

}

3 : { »

name : 95005 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/95005 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T02:59:03.531Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/zikula/core/issues/3237 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

}

3 : { »

name : 95005 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/95005 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2016-9835 (string)

datePublished : 2016-12-05T08:09:00 (string)

dateReserved : 2016-12-05T00:00:00 (string)

dateUpdated : 2024-08-06T02:59:03.531Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "709696F6-E682-44C6-8DEE-1981F9C0830E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BC52D44-5BBA-44EC-980F-F7F68FB4308C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E37B6DC4-5491-4DAB-AF4B-344D42DF7E1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9DE0911B-AF9A-4085-9E9A-DB51C0B3AA0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDBB6882-E2E7-4250-9F98-91B934A3B8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "AC443F28-89CF-4A59-9723-A5EF1DB0D700", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "82B6B7E2-1813-4E71-93AA-F69914456459", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "21DEA14A-1178-4CC1-9F1E-0AFC698B33E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC76EDE1-899B-42B7-85A1-4D620D06EDB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "19E7AD8E-BCC2-4EBD-89F0-31432310640D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "7E3C032F-051E-41BA-B8DC-A75D27FC1FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.3.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "12C66BB6-6B77-45EE-9CE9-A1153BF31ED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E9BF4D3-0806-451B-A1FE-CACF4DBD1216", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B270D522-9D7C-4BC2-B92B-4FFA1F759C20", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB0107D9-B613-45DA-9620-905F36C497BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1868276F-2E01-483E-AB23-50C3F6CF572D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "78197B79-8175-4995-A9E7-BE5596D983CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "21A8E740-0B8A-4F77-9646-E773B2E7D77A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "38A66193-AEBC-4E92-AC06-F1393E0E5C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EDF0B86-3BC5-4812-A162-44C771D0F0E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D62285E-E96B-4508-A108-CC9A8EFFE315", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F0534BF-6F30-4CE7-AD28-A9664BB37776", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA8C092-8C79-4AD2-A860-B07C6A497A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "1F2B1E2E-8FE8-4F1A-9108-6C8A044FBADA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in file \"jcss.php\" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el archivo \"jcss.php\" en Zikula 1.3.x en versiones anteriores a 1.3.11 y 1.4.x en versiones anteriores a 1.4.4 en Windows permite a un atacante remoto lanzar una inyecci\u00f3n de objeto PHP cargando un archivo serializado."}], "id": "CVE-2016-9835", "lastModified": "2024-11-21T03:01:50.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-05T08:59:02.673", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95005"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Release Notes", "Third Party Advisory"], "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Release Notes", "Third Party Advisory"], "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/zikula/core/issues/3237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Release Notes", "Third Party Advisory"], "url": "https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Release Notes", "Third Party Advisory"], "url": "https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/zikula/core/issues/3237"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 709696F6-E682-44C6-8DEE-1981F9C0830E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BC52D44-5BBA-44EC-980F-F7F68FB4308C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : E37B6DC4-5491-4DAB-AF4B-344D42DF7E1E (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DE0911B-AF9A-4085-9E9A-DB51C0B3AA0C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : FDBB6882-E2E7-4250-9F98-91B934A3B8C4 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : AC443F28-89CF-4A59-9723-A5EF1DB0D700 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 82B6B7E2-1813-4E71-93AA-F69914456459 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 21DEA14A-1178-4CC1-9F1E-0AFC698B33E2 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : DC76EDE1-899B-42B7-85A1-4D620D06EDB8 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 19E7AD8E-BCC2-4EBD-89F0-31432310640D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E3C032F-051E-41BA-B8DC-A75D27FC1FF9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.3.10:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 12C66BB6-6B77-45EE-9CE9-A1153BF31ED7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E9BF4D3-0806-451B-A1FE-CACF4DBD1216 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : B270D522-9D7C-4BC2-B92B-4FFA1F759C20 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : CB0107D9-B613-45DA-9620-905F36C497BE (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 1868276F-2E01-483E-AB23-50C3F6CF572D (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 78197B79-8175-4995-A9E7-BE5596D983CE (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.0:rc5:*:*:*:*:*:* (string)

matchCriteriaId : 21A8E740-0B8A-4F77-9646-E773B2E7D77A (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 38A66193-AEBC-4E92-AC06-F1393E0E5C12 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4EDF0B86-3BC5-4812-A162-44C771D0F0E9 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2D62285E-E96B-4508-A108-CC9A8EFFE315 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0F0534BF-6F30-4CE7-AD28-A9664BB37776 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 0CA8C092-8C79-4AD2-A860-B07C6A497A2B (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:zikula:zikula_application_framework:1.4.3:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 1F2B1E2E-8FE8-4F1A-9108-6C8A044FBADA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de salto de directorio en el archivo "jcss.php" en Zikula 1.3.x en versiones anteriores a 1.3.11 y 1.4.x en versiones anteriores a 1.4.4 en Windows permite a un atacante remoto lanzar una inyección de objeto PHP cargando un archivo serializado. (string)

}

]

id : CVE-2016-9835 (string)

lastModified : 2024-11-21T03:01:50.190 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-12-05T08:59:02.673 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95005 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Release Notes (string)

3 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Release Notes (string)

3 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/issues/3237 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95005 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Release Notes (string)

3 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/blob/1.3/CHANGELOG-1.3.md (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Release Notes (string)

3 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/blob/1.4/CHANGELOG-1.4.md (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/zikula/core/issues/3237 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-77 (string)

}

1 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object