ChronoForums 2.0.11 pathname traversal

A vulnerability, which was classified as problematic, was found in ChronoForums 2.0.11 (Forum Software). This affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field01/12/2022 08:53 PM01/15/2022 10:51 AM
nameChronoForumsChronoForums
version2.0.112.0.11
cwe21 (directory traversal)21 (directory traversal)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rcRR
identifierusd-2021-0007usd-2021-0007
urlhttps://herolab.usd.de/en/security-advisories/usd-2021-0007/https://herolab.usd.de/en/security-advisories/usd-2021-0007/
cveCVE-2021-28377CVE-2021-28377
cve_assigned16157628001615762800
date1641942000 (01/12/2022)1641942000 (01/12/2022)
typeForum SoftwareForum Software
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcURUR
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore2.72.7
cvss2_vuldb_tempscore2.62.6
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.43.4
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.43.4
price_0day$0-$5k$0-$5k
cve_nvd_summaryChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.

Interested in the pricing of exploits?

See the underground prices here!