Описание
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
EPSS
Процентиль: 76%
0.0093
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-23
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
EPSS
Процентиль: 76%
0.0093
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-23