What the vulnerability does
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms. This issue affects Piotnet Forms: from n/a through <= 1.0.30.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Piotnet Forms versions 1.0.30 and earlier contain a path traversal vulnerability that allows high-privilege users to read files outside the intended directory. An attacker with administrative access can craft requests to access sensitive files on the server. The vulnerability requires high privileges and does not allow file modification or affect system availability.
What an attacker can do
Read files outside the intended directory on the server.
Potential impact on your site
Administrators with malicious intent or compromised admin accounts can access sensitive server files.
Conditions required to exploit
Attacker must have high-level administrative privileges on the site.