exploitDog

GHSA-v9mv-xwff-7whp

Опубликовано: 04 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 3.3

Описание

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.

Ссылки

EPSS

Процентиль: 5%

0.00021

Низкий

3.3 Low

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-28784

CVSS3: 4

nvd

почти 4 года назад

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.

EPSS

Процентиль: 5%

0.00021

Низкий

3.3 Low

CVSS3

CVE ID

Дефекты

CWE-22