exploitDog

GHSA-xq4m-r2r3-54jq

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.

Ссылки

EPSS

Процентиль: 70%

0.00645

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-8868

CVSS3: 7.5

nvd

больше 8 лет назад

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.

EPSS

Процентиль: 70%

0.00645

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-22