exploitDog

GHSA-q5ph-hv6h-q9vh

Опубликовано: 12 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.

Ссылки

EPSS

Процентиль: 82%

0.01803

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-35

Связанные уязвимости

CVE-2025-26352

CVSS3: 6.5

nvd

12 месяцев назад

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests.

EPSS

Процентиль: 82%

0.01803

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-35