Lucene search

GitHub Advisory DatabaseGHSA-W327-WQ28-3VMF

HistoryMay 02, 2022 - 3:56 a.m.

CuteSoft CuteEditor Path Traversal vulnerability

2022-05-0203:56:59

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Affected configurations

Vulners

Node

cuteeditorRange<6.6

CPENameOperatorVersion
cuteeditorlt6.6

CPE	Name	Operator	Version
	cuteeditor	lt	6.6

References

www.exploit-db.com/exploits/8785

exchange.xforce.ibmcloud.com/vulnerabilities/50727

github.com/advisories/GHSA-w327-wq28-3vmf

nvd.nist.gov/vuln/detail/CVE-2009-4665

web.archive.org/web/20200228205122/www.securityfocus.com/bid/35085

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for GHSA-W327-WQ28-3VMF