CVE-2012-2352

EPSS 1.2%

sympa - authorization bypass

發布日:2012/5/31修改日:2026/4/28

描述

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

受影響套件(2)

參考連結(1)