exploitDog

CVE-2019-18924

Опубликовано: 12 нояб. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.

Ссылки

https://github.com/vulnerabilities-cve/vulnerabilities
Third Party Advisory
https://github.com/vulnerabilities-cve/vulnerabilities
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systematic:iris_webforms:5.4:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-q9p2-wx98-924v

github

больше 3 лет назад

Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.

EPSS

Процентиль: 47%

0.00237

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22