VDB

GCVE-110-MAGEIA-2018-196

GCVE-110-MAGEIA-2018-196
Advisory Published
Vulnetix · Advisory published April 6, 2018
Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and updated the httpspider library API to protect against this by default.

Affected Products

VendorProductVersionsPlatforms
Mageianmap0 (affected), 7.40-1.1.mga6 (unaffected)

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›