Description

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Remediation

References

CVE-2014-1832

Related Vulnerabilities

WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Cross-Site Request Forgery (2.0.2)

WordPress Plugin SP Project & Document Manager Multiple SQL Injection Vulnerabilities (2.4.3)

WordPress Plugin Daily Prayer Time Cross-Site Request Forgery (2023.03.08)

FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677)

Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.8.12)

Severity

Low

Classification

CVE-2014-1832

Tags

Missing Update Known Vulnerabilities