CVE-2022-43264

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-43264
Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.pizzapower.me/2022/10/11/guitar-pro-directory-traversal-and-filename-xss/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:guitar-pro:guitar_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:guitar-pro:guitar_pro:*:*:*:*:*:ipad_os:*:*
Information

Published : 2022-11-16 07:15

Updated : 2022-11-17 20:43

NVD link : CVE-2022-43264

Mitre link : CVE-2022-43264

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

guitar-pro

  • guitar_pro