Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-85491
HistoryNov 30, 2022 - 12:00 a.m.

Chocolatey PHP Privilege Design Vulnerability

2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
php
server-side
privilege design
vulnerability
chocolatey
package
version 8.1.12
authenticated users
group
write access
subfolder
exploited
attacker
file write permissions

EPSS

0.001

Percentile

22.8%

JSON

PHP is a scripting language that executes on the server side. a privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which stems from the fact that all users in the Authenticated users group have write access to the subfolder C:\tools\php81 and all files in that folder, which could be exploited by an attacker to obtain file write permissions.

Related

prion 1
cvelist 1
nvd 1
cve 1
prion
prion
Default credentials
2022-11-29 02:15:00
cvelist
cvelist
CVE-2022-45307
2022-11-29 00:00:00
nvd
nvd
CVE-2022-45307
2022-11-29 02:15:09
cve
cve
CVE-2022-45307
2022-11-29 02:15:09

EPSS

0.001

Percentile

22.8%

JSON
Related for CNVD-2022-85491
prion1cvelist1nvd1cve1