CVE-2012-2352 in Sympa

Summary

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

Reservation

04/19/2012

Disclosure

05/31/2012

CPE

ready

CVSS

7.3

EPSS

0.01249

Activities

Very Low

Sources
