Lucene search

PRIOn knowledge basePRION:CVE-2018-25094

HistoryDec 03, 2023 - 11:15 a.m.

Path traversal

2023-12-0311:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

online accounting system

vulnerability

file manipulation

system files

upgrade

patch

9d9618422b980335bb30be612ea90f4f56cb992c

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.3%

JSON

A vulnerability was found in ??? Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input …/…/…/etc/passwd leads to path traversal: ‘…/filedir’. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.

CPENameOperatorVersion
online_accounting_systemlt2.0.0

CPE	Name	Operator	Version
	online_accounting_system	lt	2.0.0

References

github.com/59160781/project/commit/9d9618422b980335bb30be612ea90f4f56cb992c

vuldb.com/?ctiid.246641

vuldb.com/?id.246641