CVE-2021-47978

ProcessMaker 3.5.4 Local File Inclusion via Path Traversal

CVSS 6.9 MEDIUMEPSS 0.8%CWE-98

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Processmaker · ProcessMaker

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/50229no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/50229 https://www.processmaker.com/https://www.vulncheck.com/advisories/processmaker-local-file-inclusion-via-path-traversal