Lucene search

GitHub Advisory DatabaseGHSA-2WXV-3G4V-P76P

HistoryMay 01, 2022 - 7:08 a.m.

phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence

2022-05-0107:08:17

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

Directory traversal vulnerability in index.php in phpSysInfo prior to 3.2.5 allows remote attackers to determine the existence of arbitrary files via a … (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.

Affected configurations

Vulners

Node

phpsysinfophpsysinfoRange<3.2.5

CPENameOperatorVersion
phpsysinfo/phpsysinfolt3.2.5

CPE	Name	Operator	Version
	phpsysinfo/phpsysinfo	lt	3.2.5

References

exchange.xforce.ibmcloud.com/vulnerabilities/27527

github.com/advisories/GHSA-2wxv-3g4v-p76p

github.com/phpsysinfo/phpsysinfo/commit/60b5bbb5d1cc17f44050e99a3e746f55a4fd4e18

github.com/phpsysinfo/phpsysinfo/issues/107

github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745

nvd.nist.gov/vuln/detail/CVE-2006-3360

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for GHSA-2WXV-3G4V-P76P