CVE-2024-47049

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-22
View all →

Vulnerability Description

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

Related Vulnerabilities

CVE-2017-2627

HIGH
CVSS:8.2(High)

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. I...

CWE-222017

CVE-2018-1000863

HIGH
CVSS:8.2(High)

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improp...

CWE-222018

CVE-2019-10185

HIGH
CVSS:8.2(High)

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary ...

CWE-222019

CVE-2019-11608

HIGH
CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive informatio...

CWE-222019

CVE-2019-11609

HIGH
CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information ...

CWE-222019

CVE-2021-27278

HIGH
CVSS:8.2(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code ...

CWE-222021