Lucene search

@huntrdevCVELIST:CVE-2022-1000

HistoryMar 17, 2022 - 10:30 a.m.

CVE-2022-1000 Path Traversal in prasathmani/tinyfilemanager

2022-03-1710:30:14

CWE-22

@huntrdev

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.

CNA Affected

[
  {
    "product": "prasathmani/tinyfilemanager",
    "vendor": "prasathmani",
    "versions": [
      {
        "lessThan": "2.4.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/prasathmani/tinyfilemanager/commit/154947ef83efeb68fc2b921065392b6a7fc9c965

huntr.dev/bounties/5995a93f-0c4b-4f7d-aa59-a64424219424

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

Related for CVELIST:CVE-2022-1000