The software’s vulnerability regarding the detection of vulnerabilities and errors in PT Application Inspector arises from an incorrect limitation on the path to the restricted access directory. This allows attackers to increase their privileges.

The vulnerability of the application software’s interface for detecting vulnerabilities and errors in PT Application Inspector exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to enhance their...

PT-2024-53: Reading arbitrary files via API in PT Application Inspector (PT AI)

The vulnerability was identified in PT Application Inspector PT AI, versions 4.4.0 - 4.9.0 inlusevely. The discovered vulnerability allows an attacker with network access to PT AI to read source code files of other users' projects. The vulnerability can be used for privilege escalation...

The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, due to improper checking of query parameters, allows a perpetrator to execute arbitrary code.

The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to improper checking of query parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The software’s vulnerability involves errors in PT Application Inspector, particularly regarding the incorrect handling of links before accessing files. This allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to incorrect definition of the link before accessing a file. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected...

The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, related to link processing errors, allows attackers to enhance their privileges and gain unauthorized access to protected information.

The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to errors in link processing. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...

PT-2024-05: Remote Code Execution when creating a project from a git repository in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to remotely execute code on the control server. Exploitation of the vulnerability requires authorization of the "project...

PT-2024-07: Reading arbitrary files via API in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other user's projects. The vulnerability can be exploited for privilege escalation...

PT-2024-09: Creating arbitrary files during project creation in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to create arbitrary files without the ability to overwrite existing files. Exploitation of the vulnerability requires...

PT-2024-04: Remote Code Execution at scan startup in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI management server to remotely execute code on the scan agent. Exploitation of the vulnerability requires authorization of the "project...

PT-2024-08: Reading arbitrary files when scanning a project linked to a git repository in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other user's projects. The vulnerability can be exploited for privilege escalation...

PT-2024-06: Reading arbitrary files in the component Web IDE in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.4 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other user's projects. Exploitation of the vulnerability requires authorization of the...