Description

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

Remediation

References

CVE-2008-0252

Related Vulnerabilities

MySQL CVE-2023-22026 Vulnerability (CVE-2023-22026)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8420)

WordPress Plugin Music Store Unspecified Vulnerability (1.0.20)

Apache HTTP Server Other Vulnerability (CVE-2004-2343)

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-6370)

Severity

High

Classification

CVE-2008-0252 CWE-22

Tags

Missing Update Known Vulnerabilities