Описание
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0 (включая) до 4.8.3 (включая)
Одно из
cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:dev1:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:dev2:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:getflightpath:flightpath:5.0:rc3:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.66535
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
EPSS
Процентиль: 98%
0.66535
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22