GitHub Advisory DatabaseGHSA-MMH6-5CPF-2C72phpMyFAQ Path Traversal in Attachments
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
10.5%
Summary
There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root.
PoC
-
In settings, the attachment location is vulnerable to path traversal and can be set to e.g …\hacked
-
When the above is set, attachments files are now uploaded to e.g C:\Apps\XAMPP\htdocs\hacked instead of C:\Apps\XAMPP\htdocs\phpmyfaq\attachments
-
Verify this by uploading an attachment and see that the “hacked” directory is now created in the web root folder with the attachment file inside.
Impact
Attackers can potentially upload malicious files outside the specified directory.
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
10.5%