PT-2022-15732 · Unknown · Ovidentia Cms

Published: 2022-02-17 · Updated: 2022-02-25 · CVE-2022-22914

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ovidentia CMS version 6.0

Description

An issue with access control in the FileManager component allows authenticated attackers to view and download content in the upload directory via path traversal.

Recommendations

For Ovidentia CMS version 6.0, consider restricting access to the FileManager component until a patch is available. As a temporary workaround, limit the permissions of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-22914

Affected Products

Ovidentia Cms