PT-2023-10336 · Unknown · Fabarea Media Upload
Fabarea
·
Publicado
2023-01-10
·
Atualizado
2024-05-17
·
CVE-2016-15017
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
fabarea media upload versions prior to 0.9.0
Description
A critical vulnerability has been found in the function
getUploadedFileList of the file Classes/Service/UploadFileService.php, which leads to pathname traversal.Recommendations
For versions prior to 0.9.0, upgrade to version 0.9.0 to address this issue. As a temporary workaround, consider disabling the
getUploadedFileList function until the patch is applied.Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Fabarea Media Upload