Description

The web application uses Total.js framework. Total.js before 3.2.4 has a directroy traversal vulnerability. An attacker can craft a request that accesses potentially sensitive information on the server, that may lead to takeover of the server.

Remediation

Upgrade to the latest version of Total.js

References

Total.js Directory Traversal: try this at home

Related Vulnerabilities

WordPress Plugin Media File Manager Multiple Vulnerabilities (1.4.2)

WordPress 4.6 Multiple Vulnerabilities (4.6)

WordPress Plugin Import and export users and customers Directory Traversal (1.14.2)

WordPress Plugin Buddypress Component Stats Local File Inclusion (1.0)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)

Severity

High

Classification

CVE-2019-8903 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal