exploitDog

GHSA-xg98-5m8g-vc99

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

Ссылки

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2018-18950

CVSS3: 7.5

nvd

больше 7 лет назад

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22