Описание
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
Комментарий
Additional sources found during analysis:
http://xforce.iss.net/xforce/xfdb/44426 http://www.openfreeway.org/home.html
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:openfreeway:freeway:1.0.25:public_beta:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.0.59:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.0.60:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.1.1.81:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.2.0.113:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.3.0.142:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.3.1.147:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.3.2.154:*:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.3.2.160:joomla_beta:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.4:pre-release:*:*:*:*:*:*
cpe:2.3:a:openfreeway:freeway:1.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00161
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
EPSS
Процентиль: 37%
0.00161
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22