What the vulnerability does
01Description
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
Explanation of Vulnerability in Simple Terms
Morkva UA Shipping versions up to 1.0.18 contain a vulnerability that allows an attacker to read sensitive data, modify site content, or disrupt service availability. The vulnerability requires network access and high attack complexity but no authentication. The exact nature of the flaw is unclear due to incomplete vulnerability classification data.
What an attacker can do
Read sensitive data, modify site content, or disrupt service availability without authentication.
Potential impact on your site
If your site uses Morkva UA Shipping ≤1.0.18, an attacker could compromise data confidentiality, integrity, or availability.
Conditions required to exploit
Network access; no user authentication required, but attack complexity is high.
Key dates
External resources