CVE-2023-0454

Description

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.

Related CPE's

Could not find any relations

References

https://fluidattacks.com/advisories/slushii/

https://github.com/Orangescrum/orangescrum/

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io