0.002 Low
EPSS
Percentile
54.3%
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.
Server/Entity/Resource/Connection.js
github.com/HashBrownCMS/hashbrown-cms
github.com/HashBrownCMS/hashbrown-cms/commit/6b37b73944447bb29c6aaeb086b04196d80c692a
github.com/HashBrownCMS/hashbrown-cms/compare/v1.3.1...v1.3.2
github.com/HashBrownCMS/hashbrown-cms/releases/tag/v1.3.2
nvd.nist.gov/vuln/detail/CVE-2020-5840