6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.011 Low
EPSS
Percentile
84.3%
Directory traversal vulnerability in the callback function in client.php in
phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to
create or overwrite arbitrary files via directory traversal sequences in a
Proxy Granting Ticket IOU (PGTiou) parameter.
Author | Note |
---|---|
sbeattie | fixed in php-cas 1.1.3 |