The product allows user input to control or influence paths or filenames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that arecritical to the application.
9.9CVSS
7.1AI Score
0.0005EPSS
The product does not validate any query towards persistentdata, resulting in a risk of injection attacks.
9.9CVSS
7.5AI Score
0.001EPSS
The product exposes a service that is intended for local only toall network interfaces without any authentication.
9.8CVSS
6.9AI Score
0.001EPSS