Опубликовано: 28 фев. 2024
Источник: github
Github: Прошло ревью
CVSS4: 6.9
CVSS3: 4.9
Описание
Webtrees Path Traversal vulnerability
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
Пакеты
Наименование
fisharebest/webtrees
composer
Затронутые версииВерсия исправления
<= 2.1.18
Отсутствует
EPSS
Процентиль: 44%
0.00215
Низкий
6.9 Medium
CVSS4
4.9 Medium
CVSS3
CVE ID
Дефекты
CWE-22
CWE-31
Связанные уязвимости
CVSS3: 4.9
nvd
почти 2 года назад
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
EPSS
Процентиль: 44%
0.00215
Низкий
6.9 Medium
CVSS4
4.9 Medium
CVSS3
CVE ID
Дефекты
CWE-22
CWE-31