Lucene search

MitreCVE-2018-20629

HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-20629

2019-03-2116:00:36

CWE-22

mitre

web.nvd.nist.gov

cve-2018-20629

php scripts mall

charity donation script

readymadeb2bscript

directory traversal

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Affected configurations

Nvd

Node

charity_donation_script_projectcharity_donation_scriptMatch-

VendorProductVersionCPE
charity_donation_script_projectcharity_donation_script-cpe:2.3:a:charity_donation_script_project:charity_donation_script:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
charity_donation_script_project	charity_donation_script	-	cpe:2.3:a:charity_donation_script_project:charity_donation_script:-:::::::*

References

gkaim.com/cve-2018-20629-vikas-chaudhary/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Related for CVE-2018-20629