Описание
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:projectsend:projectsend:r1295:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00845
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
EPSS
Процентиль: 74%
0.00845
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-22