PT-2022-19232 · Samsung · Galaxy Themes
Published
2022-05-03
·
Updated
2022-05-11
·
CVE-2022-28784
CVSS v3.1
4.0
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Galaxy Themes versions prior to SMR May-2022 Release 1
Description
The issue is related to a path traversal vulnerability that allows attackers to list file names in an arbitrary directory as a system user. This is due to an incorrect implementation of the file path validation check logic.
Recommendations
For Galaxy Themes versions prior to SMR May-2022 Release 1, update to the SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Galaxy Themes