CVE-2018-20631

MEDIUM

Website Seller Script 2.0.5 - Path Traversal via Arbitrary Image URL Request

Title source: llm
STIX 2.1

Description

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gkaim.com/cve-2018-20631-vikas-chaudhary/

Scores

CVSS v3 5.3
EPSS 0.0163
EPSS Percentile 73.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
website_seller_script_project/website_seller_script 2.0.5
Published Mar 21, 2019
Tracked Since Feb 18, 2026