exploitDog

CVE-2022-34002

Опубликовано: 16 сент. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.

Ссылки

https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion
Exploit
Third Party Advisory
https://assurainc.com
Third Party Advisory
https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion
Exploit
Third Party Advisory
https://assurainc.com
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pdssoftware:pds_vista_7:*:*:*:*:*:*:*:*

Версия до 7.1.7.2 (исключая)

EPSS

Процентиль: 59%

0.00384

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-72h3-c86w-25hc

CVSS3: 6.5

github

больше 3 лет назад

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.

EPSS

Процентиль: 59%

0.00384

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22