exploitDog

CVE-2023-25265

Опубликовано: 28 фев. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system.

Ссылки

https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html
Exploit
Third Party Advisory
https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
Release Notes
https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html
Exploit
Third Party Advisory
https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docmosis:tornado:*:*:*:*:*:*:*:*

Версия до 2.9.5 (исключая)

EPSS

Процентиль: 50%

0.0027

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-v8p7-4m38-955w

CVSS3: 7.5

github

почти 3 года назад

Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system.

EPSS

Процентиль: 50%

0.0027

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22