CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25579

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.6%

CVSS Severity

CVSS v3 Score 7.5

References

http://phptransformer.com/
https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip
https://www.exploit-db.com/exploits/46192
https://www.vulncheck.com/advisories/phptransformer-directory-traversal-via-jqueryfileupload

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25579

Products

Pricing

Contact Us