Описание
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tripexpress_project:tripexpress:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00491
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
около 4 лет назад
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.
EPSS
Процентиль: 65%
0.00491
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22