CVE-2016-15023 LOW

CVE-2016-15023: SiteFusion Application Server Extension getextension.php path traversal

Vendor Sitefusion

Product Application Server

Weakness CWE-22 · Path traversal

Published January 31, 2023

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.

Key dates

02Disclosure timeline

January 31, 2023 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-15023 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html

Related vulnerabilities

Identifiers

CVE CVE-2016-15023

CWE CWE-22

CVSS 3.5 / LOW

Affected versions

Vendor Sitefusion

Product Application Server

Affected 6.6.0

Vendor Sitefusion

Product Application Server

Affected 6.6.1

Vendor Sitefusion

Product Application Server

Affected 6.6.2

Vendor Sitefusion

Product Application Server

Affected 6.6.3

Vendor Sitefusion

Product Application Server

Affected 6.6.4

Vendor Sitefusion

Product Application Server

Affected 6.6.5

Vendor Sitefusion

Product Application Server

Affected 6.6.6

CVE-2016-15023: SiteFusion Application Server Extension getextension.php path traversal

01Description

02Disclosure timeline

03References

04Related CVE