gregwar/rst Local File Inclusion Vulnerability

2024-05-1521:49:20

Google

osv.dev

local file inclusion

gregwar/rst

sensitive files

input validation

unauthorized access

server security

7 High

AI Score

Confidence

Low

JSON

A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

CPENameOperatorVersion
gregwar/rsteq1.0.1
gregwar/rsteq1.0.2
gregwar/rsteq1.0.0

Name	Operator	Version
gregwar/rst	eq	1.0.1
gregwar/rst	eq	1.0.2
gregwar/rst	eq	1.0.0

References

github.com/FriendsOfPHP/security-advisories/blob/master/gregwar/rst/2016-10-31.yaml

github.com/Gregwar/RST

github.com/Gregwar/RST/commit/e8d90ccbeddd91ba3abc506079661dce234f9870

github.com/Gregwar/RST/pull/34

hackerone.com/reports/179034

7 High

AI Score

Confidence

Low

JSON