CVE-2019-8903
HIGH NUCLEITotal.js prior to 3.2.4 Directory Traversal
Title source: metasploitDescription
index.js in Total.js Platform before 3.2.3 allows path traversal.
Exploits (1)
metasploit
WORKING POC
by Riccardo Krauter, Fabio Cogno · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/totaljs_traversal.rb
Nuclei Templates (1)
Totaljs <3.2.3 - Local File Inclusion
HIGHby madrobot
References (3)
Scores
CVSS v3
7.5
EPSS
0.5325
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
npm/total.js
0 - 3.2.3npm
totaljs/total.js
< 3.2.3
Published
Feb 18, 2019
Tracked Since
Feb 18, 2026