Lucene search

GitHub Advisory DatabaseGHSA-8QFM-H8RH-H3R7

HistoryNov 30, 2023 - 3:30 p.m.

PHPMemcachedAdmin Path Traversal vulnerability

2023-11-3015:30:24

CWE-22

GitHub Advisory Database

github.com

path traversal

vulnerability

phpmemcachedadmin

file deletion

server security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.4%

JSON

A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.

Affected configurations

Vulners

Node

elijaaphpmemcachedadminRange≤1.3.0

CPENameOperatorVersion
elijaa/phpmemcacheadminle1.3.0

CPE	Name	Operator	Version
	elijaa/phpmemcacheadmin	le	1.3.0

References

github.com/advisories/GHSA-8qfm-h8rh-h3r7

github.com/FriendsOfPHP/security-advisories/blob/master/elijaa/phpmemcacheadmin/CVE-2023-6026.yaml

nvd.nist.gov/vuln/detail/CVE-2023-6026

packagist.org/packages/elijaa/phpmemcacheadmin

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.4%

JSON

Related for GHSA-8QFM-H8RH-H3R7