Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST...
7.5CVSS
7.4AI Score
0.002EPSS
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST...
5.3CVSS
5.2AI Score
0.001EPSS
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session...
8.8CVSS
8.7AI Score
0.002EPSS
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted...
8.1CVSS
7.9AI Score
0.001EPSS