CVE-2013-5692

high
Published 2013-09-30 · Modified 2026-04-29
CVSS v3
CVSS v2
8.5
VIR risk
8.5

Description

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE.

Application impact

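| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| x2engine | x2crm | {"endIncluding":"3.4.1"} | |
| x2engine | x2crm | 1.0 | |
| x2engine | x2crm | 1.0.1 | |
| x2engine | x2crm | 1.1.0 | |
| x2engine | x2crm | 1.2.0 | |
| x2engine | x2crm | 1.2.1 | |
| x2engine | x2crm | 1.2.2 | |
| x2engine | x2crm | 1.3 | |
| x2engine | x2crm | 1.3.1 | |
| x2engine | x2crm | 2.2 | |
| x2engine | x2crm | 2.2.1 | |
| x2engine | x2crm | 2.5 | |
| x2engine | x2crm | 2.5.2 | |
| x2engine | x2crm | 2.7 | |
| x2engine | x2crm | 2.7.1 | |
| x2engine | x2crm | 2.7.2 | |
| x2engine | x2crm | 2.8 | |
| x2engine | x2crm | 2.8.1 | |
| x2engine | x2crm | 2.9 | |
| x2engine | x2crm | 2.9.1 | |
| x2engine | x2crm | 3.0 | |
| x2engine | x2crm | 3.0.1 | |
| x2engine | x2crm | 3.0.2 | |
| x2engine | x2crm | 3.1 | |
| x2engine | x2crm | 3.1.1 | |
| x2engine | x2crm | 3.1.2 | |
| x2engine | x2crm | 3.2 | |
| x2engine | x2crm | 3.3 | |
| x2engine | x2crm | 3.3.1 | |
| x2engine | x2crm | 3.3.2 | |
| x2engine | x2crm | 3.4 | |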

References

CWEs

CWE-22
