2 matches found
CVE-2019-14671
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...
CVE-2019-14671
Firefly III 4.7.17.3 is vulnerable to local file enumeration due to insufficient sanitization of protocol schemes, notably file:/// URLs, related to the fints_url used in import/job/configuration and import/create/fints. This affects the ability of an attacker to enumerate local files. The connec...