Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.
CPE | Name | Operator | Version |
---|---|---|---|
firefly-iii | eq | 4.7.6.1 | |
firefly-iii | eq | 4.7.6.2 | |
firefly-iii | eq | 4.3.6 | |
firefly-iii | eq | 4.7.14 | |
firefly-iii | eq | 3.3.6 | |
firefly-iii | eq | 4.7.13 | |
firefly-iii | eq | 3.3.8 | |
firefly-iii | eq | 3.2.3 | |
firefly-iii | eq | 3.4.0.5 | |
firefly-iii | eq | 3.3.9 |