CVE-2022-22914

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22914
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://ovidentia.com Broken Link Not Applicable
https://gitlab.com/albadotpy/ovidentia-information-disclosure-on-upload-directory-content Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovidentia:ovidentia:6.0.0:*:*:*:*:*:*:*
History

25 Feb 2022, 17:54

Type Values Removed Values Added
References (MISC) http://ovidentia.com - (MISC) http://ovidentia.com - Broken Link, Not Applicable
References (MISC) https://gitlab.com/albadotpy/ovidentia-information-disclosure-on-upload-directory-content - (MISC) https://gitlab.com/albadotpy/ovidentia-information-disclosure-on-upload-directory-content - Exploit, Third Party Advisory
CPE cpe:2.3:a:ovidentia:ovidentia:6.0.0:*:*:*:*:*:*:*
First Time Ovidentia
Ovidentia ovidentia
CWE CWE-22
CVSS v2 : unknown
v3 : unknown 		v2 : 5.0
v3 : 7.5

17 Feb 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-02-17 21:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22914

Mitre link : CVE-2022-22914

CVE.ORG link : CVE-2022-22914

JSON object : View

Products Affected

ovidentia

  • ovidentia
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')