exploitDog

GHSA-rxvq-9432-rg42

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.

Ссылки

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-9428

CVSS3: 7.5

nvd

больше 8 лет назад

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22