Description
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 2.0.7 (inclusive) to 2.2.26 (inclusive)
cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:*
EPSS
Percentile: 97%
0.44536
Medium
9.1 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 9.1
github
more than 3 years ago
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.