CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12479

HIGH
8.8
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile1.16th
PublishedApr 29, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

Affected Platforms (CPE)

📦
Teampass

Teampass

= 2.1.27.36

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/issues/2762
🔗 https://github.com/nilsteampassnet/TeamPass/issues/2762

Related Vulnerabilities

CVE-2019-10000019.8

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults t...

CVE-2015-75649.8

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...