Описание
Improper Input Validation in Firefly III
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.
Пакеты
Наименование
grumpydictator/firefly-iii
composer
Затронутые версииВерсия исправления
<= 4.7.17.3
4.7.17.4
Связанные уязвимости
CVSS3: 3.3
nvd
больше 6 лет назад
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.