6.9
CVE-2025-2651
- EPSS 0.63%
- Veröffentlicht 23.03.2025 14:31:04
- Zuletzt bearbeitet 14.05.2025 21:19:17
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginSourceCodester Online Eyewear Shop admin exposure of information through directory listing
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oretnom23 ≫ Online Eyewear Shop Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.455 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-548 Exposure of Information Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://www.sourcecodester.com/
https://vuldb.com/?id.300666
https://vuldb.com/?ctiid.300666
https://vuldb.com/?submit.519873
https://github.com/happytraveller-alone/cve/blob/main/Directory%20Traversal%20Vulnerability.md