CVE Details
Basic Information
| Title | YFCMF Ajax.php path traversal |
|---|---|
| Type | cve |
| Published | 2023-06-02T12:31:03.252Z |
| Modified | 2024-08-02T06:41:04.179Z |
Product Information
| Vendor | n/a |
|---|---|
| Product | YFCMF |
| Version | 3.0.0 |
CVSS Information
| Base Score | 4.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
AI Analysis
| AI Description | A path traversal vulnerability in YFCMF’s Ajax.php file allows remote attackers to access unauthorized files by manipulating the controllername argument. This could potentially lead to more severe consequences if exploited further. |
|---|---|
| AI Severity | Medium |
| AI Vendor | YFCMF Community |
| AI Product | YFCMF |
| AI Version | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4 |
Affected Products
- n/a YFCMF 3.0.0
- n/a YFCMF 3.0.1
- n/a YFCMF 3.0.2
- n/a YFCMF 3.0.3
- n/a YFCMF 3.0.4
Additional Information
| CWE List | CWE-24 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. The issue affects unspecified processing in the file app/admin/controller/Ajax.php. Manipulation of the argument controllername leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.