What the vulnerability does
01Description
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
What the vulnerability does
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
Explanation of Vulnerability in Simple Terms
Groundhogg versions up to 4.4 contain a path traversal vulnerability that allows authenticated users to cause a denial of service by disrupting site availability. An attacker with low-level access can exploit this flaw over the network without user interaction. The vulnerability affects the entire application scope, making it a significant risk for multi-tenant or shared environments.
What an attacker can do
Authenticated user can disrupt site availability through path traversal exploitation.
Potential impact on your site
Site availability can be disrupted by authenticated attackers; upgrade immediately to prevent downtime.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources
Related vulnerabilities