exploitDog

GHSA-q5hv-gf2m-3r8v

Опубликовано: 16 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 7

CVSS3: 6.5

Описание

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

Ссылки

EPSS

Процентиль: 70%

0.00653

Низкий

7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-53902

CVSS3: 6.5

nvd

около 2 месяцев назад

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

EPSS

Процентиль: 70%

0.00653

Низкий

7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22