What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.7.
Explanation of Vulnerability in Simple Terms
02Summary
Nomupay Payment Processing Gateway versions up to 7.1.7 contain a path traversal vulnerability that allows authenticated administrators to read arbitrary files from the server. An attacker with high-level administrative access can bypass directory restrictions and access sensitive files outside the intended application directory. This affects confidentiality but not system integrity or availability.
What an attacker can do
03Attacker Capabilities
Read arbitrary files from the server filesystem.
Potential impact on your site
04Site Impact
Administrators with malicious intent or compromised admin accounts can access sensitive configuration files, database credentials, and other confidential data stored on the server.
Conditions required to exploit
05Prerequisites
Attacker must have high-level administrative privileges on the Nomupay installation.
Key dates
06Disclosure timeline
May 23, 2025
CVE published
May 12, 2026
Record updated