CVE-2022-41951
HIGH
OroPlatform < 5.0.9 - Path Traversal via FileManager::getTemporaryFileName
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. A path traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. By passing this method the path to a non-existent file, an attacker can have content written to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937
Scores
CVSS v3: 8.5
EPSS: 0.0095
EPSS Percentile: 56.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-22
Status: published
Products (2)
oro/platform: 4.1.0 (Packagist)
oroinc/oroplatform: < 5.0.9
Published: Nov 27, 2023
Tracked Since: Feb 18, 2026