
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-1398

Severity Medium
Score 6.5/10

Summary

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) versions 1.6.2.0, 1.6.2.0-patch2, 1.7.0.2 through 1.8.1.0, 1.9.x through 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the ___directive parameter to the Cms_Wysiwyg controller in the Adminhtml module, related to the blockDirective function and the auto loading mechanism. NOTE: vector 2 might not cross privilege boundaries, since administrators might already have the privileges to execute code and upload files.

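  • Access Complexity: LOW
  • Access Vector: NETWORK
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL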

CWE-22 - Path Traversal

Path traversal (or directory traversal) is a vulnerability that allows malicious users to traverse the server's root directory, gaining access to arbitrary files and folders such as application code and data, back-end credentials, and sensitive operating system files. In the worst-case scenario, an attacker could potentially execute arbitrary files on the server, resulting in a denial of service attack. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.
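
As an added illustration (not Magento's code or its patch), the PHP sketch below shows two checks that address the patterns named in the summary: confining a request-derived path to a base directory before it is included, and mapping a request-supplied block type through an allow-list so it never reaches the autoloader. The function names, directory layout and `Demo_Block` class are hypothetical, and the sample files are constructed.

```php
<?php
// Added example: hypothetical helpers, not Magento code.

// Resolve a request-supplied relative path to a .php file inside $baseDir.
// Returns null when the path escapes the base, is missing, or is not .php.
function resolveInsideBase(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare with a trailing separator so "/srv/app-old" never matches "/srv/app".
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return pathinfo($full, PATHINFO_EXTENSION) === 'php' ? $full : null;
}

// Map a request-supplied block type to a class through an allow-list only,
// so user input is never used as a class or file name by the autoloader.
function resolveBlockClass(string $type, array $allowed): ?string
{
    return $allowed[$type] ?? null;
}

// Constructed sample input in a temp directory (runs offline).
$root = sys_get_temp_dir() . '/pt_demo_' . uniqid();
mkdir("$root/app/pages", 0700, true);
file_put_contents("$root/app/pages/home.php", "<?php // page\n");
file_put_contents("$root/secret.php", "<?php // outside the base\n");
$allowed = ['cms/block' => 'Demo_Block'];

var_dump(resolveInsideBase("$root/app", 'pages/home.php'));         // file inside the base
var_dump(resolveInsideBase("$root/app", '../secret.php'));          // dot-dot out of the base
var_dump(resolveInsideBase("$root/app", 'pages/../../secret.php')); // dot-dot after a valid prefix
var_dump(resolveBlockClass('cms/block', $allowed));                 // listed block type
var_dump(resolveBlockClass('../../secret', $allowed));              // unlisted value
```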

Advisory Timeline

  • Published