CVE-2018-16961

Vendor: Center for Computational Research, University at Buffalo

Product: Open XDMoD

Affected versions: < 8.0

Open XDMoD is an open source tool to facilitate the management of high performance computing resources. It is widely deployed at academic, industrial, and government HPC centres. The web interface is written in PHP. The vulnerabilities discussed in this report have been discovered in version 7.5, and will be addressed in the upcoming 8.0 release.

Directory Traversal

This vulnerability is a directory traversal in "html/gui/general/dl_publication.php". An attacker can request a file download using a crafted "file" parameter argument. Recent versions of PHP handle NULL byte injection, which substantially reduces the impact; however, it is still possible to request arbitrary files ending in ".PDF".
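As an added example (not code from Open XDMoD or from this report), the following PHP shows one way a download handler can confine a user-supplied "file" value to a single directory, so that neither a NUL byte nor a fixed ".pdf" suffix decides what is served. The function name `resolve_publication`, the `publications` directory and the demo files are assumptions made for illustration.

```php
<?php
// Added illustration, not Open XDMoD code. resolve_publication(), the
// "publications" directory and the demo files below are assumptions.

function resolve_publication(string $baseDir, string $requested): ?string
{
    // Reject empty values and NUL bytes explicitly rather than relying on
    // the PHP version to stop NUL byte injection.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "../" and symlinks; it returns false if the
    // target does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null;
    }

    // The canonical path must still sit under the canonical base directory.
    // Requiring a ".pdf" suffix alone does not give this guarantee.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return ($ext === 'pdf' && is_file($candidate)) ? $candidate : null;
}

// Constructed demo tree: one PDF inside the served directory, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xdmod_demo_' . getmypid();
mkdir($root . '/publications', 0700, true);
file_put_contents($root . '/publications/report.pdf', '%PDF-1.4 demo');
file_put_contents($root . '/outside.pdf', '%PDF-1.4 outside');

// Constructed inputs: a normal name, a parent-directory reference to a PDF,
// a NUL byte value, and a file that does not exist.
foreach (['report.pdf', '../outside.pdf', "report.pdf\0.txt", 'missing.pdf'] as $input) {
    $path = resolve_publication($root . '/publications', $input);
    printf("%-24s => %s\n", json_encode($input), $path === null ? 'rejected' : 'served');
}
```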

See also CVE-2018-16988, CVE-2018-16960.