Vulnerability Details CVE-2020-29050
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-29050
-
cpe:2.3:a:sphinxsearch:sphinx:3.0.1
-
cpe:2.3:a:sphinxsearch:sphinx:3.0.2
-
cpe:2.3:a:sphinxsearch:sphinx:3.0.3
-
cpe:2.3:a:sphinxsearch:sphinx:3.1.1
-
cpe:2.3:o:debian:debian_linux:9.0