PT-2019-10134 · Php Scripts Mall · Php Scripts Mall Chartered Accountant : Auditor Website
Publicado
2019-03-20
·
Atualizado
2019-03-25
·
CVE-2018-20638
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
PHP Scripts Mall Chartered Accountant : Auditor Website version 2.0.1
Description:
The issue allows directory traversal via a direct request for a listing of an image directory, such as an
assets/ directory.Recommendations:
For version 2.0.1, consider restricting access to sensitive directories to prevent unauthorized listing and potential exploitation. As a temporary workaround, restrict access to the
assets/ directory until a patch is available.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Php Scripts Mall Chartered Accountant : Auditor Website