CVE-2022-22914
HIGHOvidentia CMS 6.0 - Authenticated Path Traversal in FileManager
Title source: llmDescription
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.
References (2)
Core 2
Core References
Broken Link, Not Applicable x_refsource_misc
http://ovidentia.com
Exploit, Third Party Advisory x_refsource_misc
https://gitlab.com/albadotpy/ovidentia-information-disclosure-on-upload-directory-content
Scores
CVSS v3
7.5
EPSS
0.0074
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
ovidentia/ovidentia
6.0.0
Published
Feb 17, 2022
Tracked Since
Feb 18, 2026