Описание
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.87195
Высокий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment."
EPSS
Процентиль: 99%
0.87195
Высокий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22