CVE-2019-19683

Published December 9th, 2019

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

HIGH

Affected

PROJECT

Description

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.

klezVirus/cves

Public Advisories Redirector

GitHub