cpe:/a:blueriver:mura_cms:5.1 cpe:/a:blueriver:mura_cms:5.2 cpe:/a:blueriver:sava_cms:5.0 cpe:/a:blueriver:sava_cms:5.0.122 cpe:/a:blueriver:sava_cms:5.2 CVE-2010-3468 2010-09-29T13:00:05.697-04:00 2010-09-30T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-09-30T12:40:00.000-04:00 EXPLOIT-DB 15120 SECUNIA 41591 BID 43499 CONFIRM http://www.getmura.com/index.cfm/blog/critical-security-patch/ MISC http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0 Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.