Lucene search

MitreCVE-2022-43264

HistoryNov 16, 2022 - 3:15 p.m.

CVE-2022-43264

2022-11-1615:15:16

CWE-22

mitre

web.nvd.nist.gov

arobas music

guitar pro

ipad

iphone

cve-2022-43264

directory traversal

vulnerability

security

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

62.0%

JSON

Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.

Affected configurations

Nvd

Node

guitar-proguitar_proRange<1.10.2ipad_os

guitar-proguitar_proRange<1.10.2iphone_os

VendorProductVersionCPE
guitar-proguitar_pro*cpe:2.3:a:guitar-pro:guitar_pro:*:*:*:*:*:ipad_os:*:*
guitar-proguitar_pro*cpe:2.3:a:guitar-pro:guitar_pro:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
guitar-pro	guitar_pro	*	cpe:2.3:a:guitar-pro:guitar_pro::::::ipad_os::*
guitar-pro	guitar_pro	*	cpe:2.3:a:guitar-pro:guitar_pro::::::iphone_os::*

References

www.pizzapower.me/2022/10/11/guitar-pro-directory-traversal-and-filename-xss/

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2022-43264