7.1 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.1%
Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users’ directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.
secunia.com/advisories/20304
securityreason.com/securityalert/968
sourceforge.net/forum/forum.php?forum_id=576219
sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199
www.securityfocus.com/archive/1/435135/100/0/threaded
www.securityfocus.com/bid/18139
www.vupen.com/english/advisories/2006/2033
exchange.xforce.ibmcloud.com/vulnerabilities/26705