FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2022-4511

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Dec 15, 2022 / Updated: 23mo ago

010
CVSS 7.5EPSS 0.09%High
CVE info copied to clipboard

A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-4511. See article

Dec 15, 2022 at 8:48 AM / vuldb.com
EPSS

EPSS Score was set to: 0.09% (Percentile: 35.9%)

Sep 22, 2023 at 7:19 AM
Static CVE Timeline Graph

Affected Systems

Docsys_project/docsys
+null more

Exploits

https://gitee.com/RainyGao/DocSys/issues/I66A3V
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

News

CVE-2022-4511 Exploit
inTheWild.io Exploits / 23mo
CVE Id : CVE-2022-4511 Published Date: 2022-12-20T20:27:00+00:00 A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2022-4511 (docsys)
Latest articles about All products / 23mo
The associated identifier of this vulnerability is VDB-215851. CVSS 3.x Severity and Metrics:
CVE-2022-4511
r/netcve / 23mo
submitted by /u/CVEreport [link] [comments]
CVE-2022-4511
National Vulnerability Database / 23mo
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2022-4511
CyberFishNews / 23mo
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit...
See 4 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 7.5(51562)CWE-22(6658)CWE-23(196)CWE-24(56)Docsys project(2)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial