CVE-2014-8939
Good to know:
Date: June 1, 2020
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Language: PHP
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
Top Fix
Upgrade Version
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |
CVSS v2
| Base Score: | |
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | NONE |
| Availability (A): | NONE |
| Additional information: | |


