CVE-2020-12479

HIGH

8.8

CVSS Severity Score

EPSS Score0.0470%

EPSS Percentile1.16th

Published2020年4月29日

Last Modified2024年11月21日

Vulnerability Description

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

Affected Platforms (CPE)

📦

Teampass

= 2.1.27.36

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/issues/2762

相關漏洞威脅

CVE-2019-10000019.8

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults t...

CVE-2015-75649.8

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...