Lucene search
K

5 matches found

NVD
NVD
added 2023/06/23 9:15 p.m.65 views

CVE-2023-35169

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9.8CVSS9.7AI score0.03191EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/23 8:37 p.m.62 views

CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9CVSS10AI score0.03191EPSS
Exploits1References5
Veracode
Veracode
added 2023/06/23 12:13 p.m.23 views

Directory Traversal

webklex/laravel-imap and webklex/php-imap are vulnerable to Directory Traversal. The vulnerability exists due to a lack of filename attachment sanitization which allows an attacker to save a file to an arbitrary location...

9.8CVSS6.9AI score0.03191EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/21 9:58 p.m.52 views

php-imap vulnerable to RCE through a directory traversal vulnerability

Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...

9.8CVSS8AI score0.03191EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2023/06/21 9:58 p.m.34 views

GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability

Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...

9CVSS9.7AI score0.03191EPSS
Exploits1References7
Rows per page
Query Builder