NVD Vulnerability Detail

CVE-2017-7258

Summary	HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
Publication Date	March 30, 2017, 5:59 a.m.
Registration Date	Jan. 26, 2021, 1:28 p.m.
Last Update	Nov. 21, 2024, 12:31 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:auromeera:emli:1.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/97255	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/97255	Third Party Advisory VDB Entry
3	https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html	Third Party Advisory
4	https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

AuroMeera Technometrix Pvt. Ltd. eMLi におけるパストラバーサルの脆弱性

Title	AuroMeera Technometrix Pvt. Ltd. eMLi におけるパストラバーサルの脆弱性
Summary	AuroMeera Technometrix Pvt. Ltd. eMLi には、パストラバーサルの脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 29, 2017, midnight
Registration Date	May 8, 2017, 5:43 p.m.
Last Update	May 8, 2017, 5:43 p.m.

Affected System

AuroMeera Technometrix Pvt. Ltd

eMLi College Campus Management 1.0

eMLi School Management 1.0

eMLi University Management 1.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7258	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7258
National Vulnerability Database (NVD)
2	CVE-2017-7258	https://nvd.nist.gov/vuln/detail/CVE-2017-7258

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
AuroMeera
1	eMLi College Campus Management	http://www.auromeera.com/emli/college-campus-management-system.html
2	eMLi School Management	http://www.auromeera.com/emli/school-management-system.html
3	eMLi University Management	http://www.auromeera.com/emli/university-management-system.html

その他

No	Name	URL
関連文書
1	Path Traversal Vulnerability in eMLi Portal [CVE-2017-7258]	https://sudoat.blogspot.jp/2017/03/path-traversal-vulnerability-in-emli.html

Change Log

No	Changed Details	Date of change
0	[2017年05月08日] 掲載	Feb. 17, 2018, 10:37 a.m.