{"id":"CVE-2012-2352","details":"The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.","modified":"2026-04-10T03:44:14.710150Z","published":"2012-05-31T17:55:04Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/49045"},{"type":"ADVISORY","url":"http://secunia.com/advisories/49237"},{"type":"ADVISORY","url":"http://www.debian.org/security/2012/dsa-2477"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/05/11/8"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/05/12/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/05/12/8"},{"type":"WEB","url":"http://www.osvdb.org/81890"},{"type":"WEB","url":"http://www.securityfocus.com/bid/53503"},{"type":"WEB","url":"https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358"},{"type":"WEB","url":"https://www.sympa.org/distribution/latest-stable/NEWS"}],"schema_version":"1.7.5"}