CVE-2022-0855

Published: Mar 4, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.

Affected (1)

Products: Microweber: Whmcs

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microweber Whmcs	Before 0.0.4

Related CWEs

Improper Resolution of Path Equivalence

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

References (4)

https://github.com/microweber-dev/whmcs_plugin/commit/2e7a11d332db79cc52ccda00455a15f4dc6147ff

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/511879b0-cdaa-4c03-af92-deb54d46284a

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/microweber-dev/whmcs_plugin/commit/2e7a11d332db79cc52ccda00455a15f4dc6147ff

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/511879b0-cdaa-4c03-af92-deb54d46284a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.