CVE-2018-1000550

Priority
Description
The Sympa Community Sympa version prior to version 6.2.32 contains a
Directory Traversal vulnerability in wwsympa.fcgi template editing function
that can result in Possibility to create or modify files on the server
filesystem. This attack appear to be exploitable via HTTP GET/POST request.
This vulnerability appears to have been fixed in 6.2.32.
Notes
Package
Source: sympa (LP Ubuntu Debian)
Upstream:released (6.2.32~dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (6.1.17~dfsg-1ubuntu0.1~esm1)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (6.2.40~dfsg-4)
Ubuntu 20.10 (Groovy Gorilla):not-affected
More Information

Updated: 2020-07-30 08:14:28 UTC (commit dd36f14d21577f24d69b52e860f40106ba49ea35)