CVE-2015-10030 – sukohi/surpass

Package

Manager: composer
Name: sukohi/surpass
Vulnerable Version: >=0 <1.0.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00072 pctl0.22574

Details

SUKOHI Surpass Path Traversal vulnerability A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file `src/Sukohi/Surpass/Surpass.php`. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 can address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.

Metadata

Created: 2023-01-08T12:30:24Z
Modified: 2023-01-12T23:41:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-c9pw-f4wp-22jr/GHSA-c9pw-f4wp-22jr.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-c9pw-f4wp-22jr
Finding: F063
Auto approve: 1