Vulnerability Details CVE-2019-25579
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2019-25579
-
cpe:2.3:a:codnloc:phptransformer:2016.9