CVE-2023-7098

LOW

Easyimages2.0 - Path Traversal

Title source: rule

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-248950 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References (3)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.248950

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.248950

[Broken Link] https://note.zhaoj.in/share/MHnV2WLY9rxU

Scores

CVSS v3 3.1

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-24

Status published

Products (1)

easyimages2.0_project/easyimages2.0 2.8.3

Published Dec 25, 2023

Tracked Since Feb 18, 2026