PT-2022-28233 · Softwarex · Softwarex

Published

2022-06-02

·

Updated

2022-06-02

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions SoftwareX versions prior to 1.0.6
Description The issue allows end users to access all source code, files, and folders in the phoenix files/extensions/ directory through a simple HTTP GET request.
Recommendations For versions prior to 1.0.6, update to version 1.0.6 or above to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

GHSA-C8F7-X2G7-7FXJ

Affected Products

Softwarex