Veracode Vulnerability DatabaseVERACODE:43958Path Traversal
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
32.4%
coderedcms is vulnerable to Path Traversal. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Wagtail CRX CodeRed Extensions server. The request would contain a specially crafted path that would cause the server to serve the attacker a file that is outside of the expected directory. This could allow the attacker to access sensitive information, such as passwords or configuration files.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
32.4%