CVE-2022-0855

Exploit

EPSS 0.6%
Veröffentlicht 04.03.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:39:32
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microweber ≫ Whmcs Version < 0.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
security@huntr.dev	7.4	2.2	5.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-41 Improper Resolution of Path Equivalence

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

CWE-706 Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

https://github.com/microweber-dev/whmcs_plugin/commit/2e7a11d332db79cc52ccda00455a15f4dc6147ff

Patch

Third Party Advisory

https://huntr.dev/bounties/511879b0-cdaa-4c03-af92-deb54d46284a

Patch

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-0855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0855

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-0855