Description
A vulnerability classified as critical has been found in SUKOHI Surpass. It affects unknown code in the file src/Sukohi/Surpass/Surpass.php. Manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 addresses this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.
References
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Permissions Required, Third Party Advisory
- Permissions Required, Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Permissions Required, Third Party Advisory
- Permissions Required, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.0.0 (exclusive)
cpe:2.3:a:surpass_project:surpass:*:*:*:*:*:*:*:*
EPSS: 0.00242 (Low), percentile: 47%
CVSS3: 5.5 Medium
CVSS3: 5.3 Medium
CVSS2: 5.2 Medium
Weaknesses
- CWE-21
- CWE-22