Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0403
Date: November 15, 2022
A Path Traversal attack was discovered in ericferon/glpi-archimap that leads to Remote Code Execution via PHP file upload. An attacker could perform actions not intended by application like read, update or delete arbitrary files and directories stored on file system including application source code or configuration and critical system files. For example, an attacker can upload PHP file and obtain remote code execution on the system. The issue is fixed in version 3.2.16.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |