CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.8%
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName
. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
Vendor | Product | Version | CPE |
---|---|---|---|
oroinc | oroplatform | * | cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:* |
[
{
"vendor": "oroinc",
"product": "platform",
"versions": [
{
"version": ">= 4.1.0, <= 4.1.13",
"status": "affected"
},
{
"version": ">= 4.2.0, <= 4.2.10",
"status": "affected"
},
{
"version": " >= 5.0.0, < 5.0.9",
"status": "affected"
}
]
}
]