PT-2018-16184 · Buttle · Buttle
Published: 2018-07-05 · Updated: 2023-02-28 · CVE-2018-3766
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
buttle versions <= 0.2.0
Description
The buttle module contains a path traversal vulnerability: because of insufficient input sanitization, an attacker can read any file on the server by using relative paths when fetching files.
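The containment check that the description says is missing, as an added example in Node.js (not buttle's code and not taken from this advisory). It contrasts a plain path join with a resolver that refuses any request resolving outside the document root; the function names, the /srv/site root and the sample request paths are constructed for illustration.

```javascript
const path = require('path');

// Hypothetical document root, constructed for this example.
const ROOT = path.resolve('/srv/site');

// Naive mapping: joins the request path onto the root with no check,
// so "../" segments walk out of the root.
function naiveResolve(root, urlPath) {
  return path.join(root, urlPath);
}

// Hardened mapping: returns an absolute path inside `root`, or null
// when the request must be refused.
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // decode once, before any check
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL never belongs in a file path
  // Treat backslashes as separators so "..\" is caught on every platform.
  const normalized = decoded.replace(/\\/g, '/');
  // The "./" prefix keeps a leading "/" from replacing the root.
  const candidate = path.resolve(root, './' + normalized);
  // Compare by relative path, not string prefix: "/srv/site-backup"
  // starts with "/srv/site" but is a different directory.
  const rel = path.relative(root, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed request paths for the demonstration.
const samples = ['/docs/../index.md', '../../etc/passwd',
  '%2e%2e%2f%2e%2e%2fetc%2fpasswd', '..\\..\\etc\\passwd',
  '../site-backup/db.sql', '/etc/passwd', '%zz'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolveInsideRoot(ROOT, s));
}
```

The check is lexical: if the root can contain symbolic links, resolve the candidate with fs.realpath and repeat the comparison before opening the file.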
Recommendations
For buttle versions <= 0.2.0, consider using an alternative module until a fix is made available.
Path traversal
Affected Products
Buttle