Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0375
Good to know:
Date: October 25, 2022
Path Traversal - Download remote files by exploiting the backup functionality (Authenticated) in getformwork/formwork.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22Top Fix
Upgrade Version
Upgrade to version getformwork/formwork - dev-dependabot/npm_and_yarn/panel/prosemirror-commands-1.6.2;getformwork/formwork - dev-ignore-panel-assets;getformwork/formwork - dev-dependabot/composer/rector/rector-1.2.2;getformwork/formwork - dev-dependabot/composer/phpstan/phpstan-1.11.3;getformwork/formwork - dev-dependabot/composer/phpstan/phpstan-1.10.57;getformwork/formwork - dev-dependabot/composer/rector/rector-1.2.0;getformwork/formwork - dev-dependabot/composer/phpstan/phpstan-1.12.0;getformwork/formwork - dev-feature/improved-fields;getformwork/formwork - 1.x-dev;getformwork/formwork - dev-dependabot/composer/jaybizzle/crawler-detect-1.3.0;getformwork/formwork - dev-process-file-uploads;getformwork/formwork - dev-feature/text-input-icons;getformwork/formwork - dev-dependabot/npm_and_yarn/panel/esbuild-0.18.17;getformwork/formwork - dev-dependabot/npm_and_yarn/admin/chartist-1.1.2;getformwork/formwork - dev-feature/dynamic-field-values;getformwork/formwork - dev-feature/proper-file-responses;getformwork/formwork - dev-dependabot/composer/jaybizzle/crawler-detect-1.3.1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |