Incomplete Fix for CVE-2014-10401 Allows DBD::File Drivers to Open Files from Unauthorized Folders

Incomplete Fix for CVE-2014-10401 Allows DBD::File Drivers to Open Files from Unauthorized Folders

CVE-2014-10402 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

Learn more about our Web Application Penetration Testing UK.