{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2018-25094","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-12-02T07:41:58.211Z","datePublished":"2023-12-03T10:31:03.118Z","dateUpdated":"2024-08-05T12:33:49.018Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-12-03T10:31:03.118Z"},"title":"ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-24","lang":"en","description":"CWE-24 Path Traversal: '../filedir'"}]}],"affected":[{"vendor":"ระบบบัญชีออนไลน์","product":"Online Accounting System","versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"1.2","status":"affected"},{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in ระบบบัญชีออนไลน์ Online Accounting System bis 1.4.0 gefunden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei ckeditor/filemanager/browser/default/image.php. Durch Beeinflussen des Arguments fid mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu lösen. Der Patch wird als 9d9618422b980335bb30be612ea90f4f56cb992c bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.7,"vectorString":"AV:A/AC:L/Au:S/C:P/I:N/A:N"}}],"timeline":[{"time":"2018-03-18T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2018-03-18T00:00:00.000Z","lang":"en","value":"Countermeasure disclosed"},{"time":"2023-12-02T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-12-02T08:47:13.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.246641","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.246641","tags":["signature","permissions-required"]},{"url":"https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c","tags":["patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T12:33:49.018Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.246641","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.246641","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c","tags":["patch","x_transferred"]}]}]}}