exploitDog

CVE-2024-8941

Опубликовано: 25 сент. 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 5.3

EPSS Низкий

Описание

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scriptcase:scriptcase:9.4.019:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00069

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-3hc5-r53w-6ph8

CVSS3: 7.5

github

больше 1 года назад

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.

EPSS

Процентиль: 21%

0.00069

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22