What the vulnerability does
01Description
Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion.This issue affects Leyka: from n/a through <= 3.32.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
What the vulnerability does
Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion.This issue affects Leyka: from n/a through <= 3.32.1.
Explanation of Vulnerability in Simple Terms
Leyka versions up to 3.32.1 contain a vulnerability that allows an attacker to read sensitive data, modify site content, or disrupt service availability. The attack requires network access and user interaction—typically the victim must click a malicious link or visit a compromised page. The exact mechanism is unclear due to incomplete vulnerability classification. Update to version 3.32.2 or later.
What an attacker can do
Read sensitive data, modify site content, or cause the site to become unavailable.
Potential impact on your site
Your site's data could be exposed, content altered, or service disrupted if a user visits a malicious link.
Conditions required to exploit
Network access and the victim must click a link or visit a page controlled by the attacker.
Key dates
External resources