exploitDog

GHSA-f9j8-jh89-c96f

Опубликовано: 03 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

CVSS3: 5.3

Описание

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

Ссылки

EPSS

Процентиль: 23%

0.00078

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-41428

CVSS3: 5.3

nvd

8 месяцев назад

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

EPSS

Процентиль: 23%

0.00078

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22