Froxlor is vulnerable to path traversal · CVE-2023-0316 · GitHub Advisory Database · GitHub

Froxlor is vulnerable to path traversal

Moderate severity GitHub Reviewed Published Jan 16, 2023 to the GitHub Advisory Database • Updated Jan 24, 2023

Package

froxlor/froxlor (Composer)

Affected versions

< 2.0.0

Patched versions

2.0.0

Description

Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.

References

Published by the National Vulnerability Database

Jan 16, 2023

Published to the GitHub Advisory Database Jan 16, 2023

Reviewed Jan 19, 2023

Last updated Jan 24, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N