Lucene search

GitHub Advisory DatabaseGHSA-MH9J-V6MQ-PFCH

HistoryDec 04, 2021 - 12:00 a.m.

Path manipulation in matyhtf/framework

2021-12-0400:00:53

CWE-22

GitHub Advisory Database

github.com

matyhtf

framework

path manipulation

vulnerability

smarty.class.php

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.4%

JSON

matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6.

Affected configurations

Vulners

Node

matyhtfframeworkRange<3.0.6

VendorProductVersionCPE
matyhtfframework*cpe:2.3:a:matyhtf:framework:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
matyhtf	framework	*	cpe:2.3:a:matyhtf:framework::::::::

References

github.com/advisories/GHSA-mh9j-v6mq-pfch

github.com/FriendsOfPHP/security-advisories/blob/master/matyhtf/framework/CVE-2021-43676.yaml

github.com/matyhtf/framework/commit/25084603b7ea771eebe263d39744fe6abf1f8d61

github.com/matyhtf/framework/issues/206

nvd.nist.gov/vuln/detail/CVE-2021-43676

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.4%

JSON

Related for GHSA-MH9J-V6MQ-PFCH