Описание
Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:weekly_drawing_contest:weekly_drawing_contest:0.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
** DISPUTED ** Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files.
EPSS
Процентиль: 55%
0.00323
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other