PT-2023-10832 · Unknown · Online Accounting System

Pich4Ya · Published 2023-12-03 · Updated 2024-05-17 · CVE-2018-25094

CVSS v3.1: 7.5 (High), Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ระบบบัญชีออนไลน์ (Online Accounting System), versions up to 1.4.0
Description: A path traversal issue affects the processing of the file ckeditor/filemanager/browser/default/image.php. The fid argument is used to build a file path without being confined to the intended directory, so supplying ../../../etc/passwd as fid makes the script read a file outside that directory. The exploit has been disclosed to the public and may be used.
Recommendations: For versions up to 1.4.0, upgrade to version 2.0.0 to address this issue. As a temporary workaround, restrict access to the vulnerable file ckeditor/filemanager/browser/default/image.php until the upgrade is applied, and do not pass untrusted input to the fid argument of the affected file.
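The defect described above is a file identifier taken from the request and joined onto a directory path without checking where the result ends up. The following is an added example, written for this advisory and not code from the Online Accounting System or CKEditor projects, showing how a file-serving endpoint can accept an fid-style parameter safely: the value must be a plain file name, and the canonicalised target must lie inside the managed directory. The function name resolve_managed_file, the demo directory and the sample file are assumptions; it requires PHP 8 for str_contains and str_starts_with.

```php
<?php
// Added example, not code from the Online Accounting System project.
// Hardened lookup for a file-serving endpoint whose request parameter is
// called $fid (the advisory's parameter name). Function and directory names
// are assumptions. Requires PHP 8.

declare(strict_types=1);

function resolve_managed_file(string $baseDir, string $fid): ?string
{
    // 1. Accept only a simple file name. The traversal input
    //    "../../../etc/passwd" is rejected here before any disk access.
    if ($fid === ''
        || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $fid)
        || str_contains($fid, '..')) {
        return null;
    }

    // 2. Canonicalise both the base directory and the candidate target, then
    //    require the target to stay under the base. This also stops escapes
    //    through symlinks placed inside the managed directory.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $fid);
    if ($target === false || !is_file($target)) {
        return null;
    }
    if (!str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $target;
}

// Demonstration against a throwaway directory holding one constructed file.
$demoBase = sys_get_temp_dir() . DIRECTORY_SEPARATOR
    . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($demoBase, 0700);
file_put_contents($demoBase . DIRECTORY_SEPARATOR . 'logo.png', 'constructed sample');

foreach (['logo.png', '../../../etc/passwd', 'missing.png'] as $fid) {
    $path = resolve_managed_file($demoBase, $fid);
    printf("%-22s => %s\n", $fid,
        $path === null ? 'rejected' : 'served ' . basename($path));
}

unlink($demoBase . DIRECTORY_SEPARATOR . 'logo.png');
rmdir($demoBase);
```

Returning null for every rejected case, and letting the caller answer with a generic 404, keeps the endpoint from revealing whether a path outside the managed directory exists. When the identifier does not need to be a file name at all, mapping fid to a database row that stores the real path removes the traversal surface entirely.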

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-25094

Affected Products

Ckeditor
Online Accounting System