nuovo/spreadsheet-reader is vulnerable to an arbitrary file read. The library ships with a test.php file in its root directory, which can be called via an HTTP GET request with an arbitrary path as the value of the File parameter, allowing attackers to gain access to an arbitrary file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | nuovo/spreadsheet-reader | eq | 0.5.11 |
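A log check for the request described above, as an added example that is not part of the original advisory or the library's code: it flags GET requests to a test.php script that carry a File parameter and reports the decoded path that was asked for. The combined log format, the Composer-style vendor/ path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined access log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_test_php_reads(lines):
    """Return one finding per GET to a test.php script that carries a File parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/test.php"):
            continue
        # parse_qs percent-decodes values; PHP parameter names are case-sensitive.
        params = parse_qs(url.query, keep_blank_values=True)
        if "File" not in params:
            continue
        findings.append({
            "client": m["client"],
            "time": m["ts"],
            "path": url.path,
            "file": params["File"][0],          # decoded path that was requested
            "status": int(m["status"]),
            # Assumption: a default install keeps the package directory name.
            "in_package_dir": "spreadsheet-reader" in url.path.lower(),
        })
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical install path).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?File=%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?File=..%2F..%2F..%2Fconfig.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for f in find_test_php_reads(SAMPLE_LOG):
        print(f'{f["time"]} {f["client"]} {f["path"]} File={f["file"]!r} status={f["status"]}')
```

Any hit with a 200 status is worth following up by checking whether test.php is still deployed under the web root.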