CVE-2015-10030

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?ctiid.217642	Permissions Required Third Party Advisory
https://vuldb.com/?id.217642	Permissions Required Third Party Advisory
https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7	Patch Third Party Advisory
https://github.com/SUKOHI/Surpass/releases/tag/1.0.0	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:surpass_project:surpass:*:*:*:*:*:*:*:*

Information

Published : 2023-01-08 02:15

Updated : 2023-01-12 08:54

NVD link : CVE-2015-10030

Mitre link : CVE-2015-10030

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

surpass_project

surpass

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?ctiid.217642", "name": "https://vuldb.com/?ctiid.217642", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.217642", "name": "https://vuldb.com/?id.217642", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "name": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "name": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-10030", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2023-01-08T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:surpass_project:surpass:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-12T16:54Z"}

5.3 /10