PT-2023-10209 · Sukohi · Sukohi Surpass
Published
2023-01-08
·
Updated
2024-05-17
·
CVE-2015-10030
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SUKOHI Surpass versions prior to 1.0.0
Description
A critical vulnerability has been found in SUKOHI Surpass, affecting unknown code in the file
src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal.Recommendations
To address this issue, upgrade to version 1.0.0. As a temporary workaround, consider restricting access to the vulnerable file
Surpass.php until the upgrade is applied.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sukohi Surpass