CVE-2022-22914

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.

albadotpy/ovidentia-information-disclosure-on-upload-directory-content
albadotpy/ovidentia-information-disclosure-on-upload-directory-content
Incorrect Access Control in FileManager in Ovidentia CMS 6.0 allows remote unauthenticated users to view and download content (information disclosure) in the upload directory via path traversal. Tested on version 6.0, this version is vulnerable.
GitLabGitLab