Description
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
References
- Issue Tracking, Vendor Advisory
- Exploit, Issue Tracking, Vendor Advisory
- Vendor Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1
- Versions before 3.08.23 (exclusive)
- Versions from 3.10.00 (inclusive) to 3.10.13 (exclusive)
- Versions from 3.12.00 (inclusive) to 3.12.10 (exclusive)
- Versions from 3.14.00 (inclusive) to 3.14.03 (exclusive)
One of
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*
EPSS: 0.02419 (Low), percentile: 85%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 7.5
debian
about 6 years ago
Multiple directory traversal vulnerabilities in the (1) staff interfac ...
CVSS3: 7.5
github
more than 3 years ago
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.