exploitDog

CVE-2022-26675

Опубликовано: 07 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00259

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-737x-q9xp-w8ch

CVSS3: 7.5

github

почти 4 года назад

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.

EPSS

Процентиль: 49%

0.00259

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

CWE-22