exploitDog

GHSA-xmfx-vpr2-gpqw

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.

Ссылки

EPSS

Процентиль: 88%

0.03739

Низкий

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2007-6471

nvd

около 18 лет назад

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.

EPSS

Процентиль: 88%

0.03739

Низкий

CVE ID

Дефекты

CWE-22