CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1058

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1810%
EPSS Percentile11.46th
PublishedOct 4, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.

Affected Platforms (CPE)

πŸ“¦
Cobalt

Qube

= 3.0

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html
πŸ”— http://www.iss.net/security_center/static/9669.php
πŸ”— http://www.securityfocus.com/bid/5297
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html
πŸ”— http://www.iss.net/security_center/static/9669.php
πŸ”— http://www.securityfocus.com/bid/5297

Related Vulnerabilities

CVE-2017-167149.8

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessib...

CVE-2017-140267.5

In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users whi...

CVE-2021-369137.5

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at W...

CVE-2021-249167.5

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qube...