What the vulnerability does
01Description
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
What the vulnerability does
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Explanation of Vulnerability in Simple Terms
FastDup versions up to 2.7.2 contain a vulnerability that allows an attacker to read sensitive data, modify site content, or disrupt service. The attack requires user interaction—typically clicking a malicious link—but no authentication. The impact extends beyond the vulnerable component itself. Update to version 2.7.3 or later.
What an attacker can do
Read sensitive data, modify site content, or disrupt service by tricking a user into clicking a malicious link.
Potential impact on your site
Site visitors could be compromised, data stolen, or the site taken offline without warning.
Conditions required to exploit
User must click a malicious link or visit an attacker-controlled page; no login required.
Key dates
External resources
Related vulnerabilities