Home > Vulnerability Database > WS-2022-0403

Mend.io Vulnerability Database

WS-2022-0403

Good to know:

Date: November 15, 2022

A Path Traversal attack was discovered in ericferon/glpi-archimap that leads to Remote Code Execution via PHP file upload. An attacker could perform actions not intended by application like read, update or delete arbitrary files and directories stored on file system including application source code or configuration and critical system files. For example, an attacker can upload PHP file and obtain remote code execution on the system. The issue is fixed in version 3.2.16.

Language: PHP

Severity Score

8.2

Related Resources (2)

Url: https://github.com/ericferon/glpi-archimap/commit/2a1cded24a55c026a197c07287bd46f6902c8183

Url: https://www.mend.io/vulnerability-database/WS-2022-0403

Severity Score

8.2

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v3.2.16

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0403

Good to know:

Date: November 15, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?