← volver
CVE-2022-41951

OroPlatform vulnerable to path traversal during temporary file manipulations

CVSS 8.6 HIGHEPSS 0.9%CWE-22
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.6EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
27 nov 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
oroinc · platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937