Home > Vulnerability Database > CVE-2016-15023

Mend.io Vulnerability Database

CVE-2016-15023

Good to know:

Date: January 31, 2023

A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.

Language: PHP

Severity Score

3.5

Related Resources (7)

Url: https://vuldb.com/?id.219765

Url: https://github.com/sitefusion/server/releases/tag/v6.6.7

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-15023

Url: https://vuldb.com/?ctiid.219765

Url: https://github.com/sitefusion/server/pull/67

Url: https://github.com/sitefusion/server/commit/49fff155c303d6cd06ce8f97bba56c9084bf08ac

Url: https://www.mend.io/vulnerability-database/CVE-2016-15023

Severity Score

3.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v6.6.7,6.6.11

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-15023

Good to know:

Date: January 31, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?