CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.9%
dilab/resumable.php is vulnerable to Arbitrary File Upload. The vulnerability arises due to a lack of file upload path validation within Resumable.php
. An attacker can arbitrarily upload any non existing file on the filesystem.
github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac45653b
github.com/dilab/resumable.php/issues/34
github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b4738a5a4dd0832a926
github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d417933787232a64304b
github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477eee642836cab3b4
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.9%