CVE-2016-15003

Exploit

EPSS 0.65%
Veröffentlicht 18.07.2022 09:15:08
Zuletzt bearbeitet 21.11.2024 02:45:28
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Filezilla-project ≫ Filezilla Client Version3.17.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.699

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://vuldb.com/?id.97204

Third Party Advisory

https://www.exploit-db.com/exploits/39803/

Third Party Advisory

Exploit

VDB Entry

https://youtu.be/r06VwwJ9J4M

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-15003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-15003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-15003

EUVD