CVE-2022-31372

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-31372
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31372.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31372
Published
2022-06-16T14:15:09.070Z
Modified
2026-04-10T04:48:00.756028Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.

References

Affected packages

Git / github.com/wiris/moodle-filter_wiris

Affected ranges

Type
GIT
Repo
https://github.com/wiris/moodle-filter_wiris
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c55e39c8f093dfc384951fe512d4e9a46cdb7144
Fixed
037ce9c1d9b9642689a332b6ebee8eaf0a737576
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.28.0"
        }
    ]
}

Affected versions

4.*
4.2.0
7.*
7.19.0-beta.2
7.19.0-beta.4
v.*
v.3.57.0.1169
v.3.57.0.1170
v.3.57.1.1171
v.3.57.2.1301
v.3.57.2.1303
v.3.57.3.1305
v.3.58.0.1306
v.3.59.0.1309
v.3.59.1.1310
v.3.61.0.1317
v.3.61.1.1318
v.3.61.2.1319
v.3.62.0.1320
v.3.62.1.1322
v.3.63.1.1322
v.3.64.0.1325
v.4.1.0.1357
v.4.1.1.1360
v.4.1.1.1361
v.4.10.0
v.4.11.0
v.4.12.0
v.4.2.0
v.4.3.0
v.4.3.1
v.4.4.0
v.4.4.1
v.4.5.0
v.4.6.0
v.4.7.0
v.4.8.0
v.4.8.1
v.4.9.0
v.4.9.1
v.7.0.0
v.7.1.0
v.7.10.0
v.7.11.0
v.7.12.0
v.7.13.0
v.7.14.0
v.7.15.0
v.7.16.0
v.7.17.0
v.7.18.0
v.7.19.0-beta.0
v.7.2.0
v.7.21.0
v.7.26.0
v.7.26.1
v.7.27.0
v.7.27.1
v.7.28.0
v.7.3.0
v.7.4.0
v.7.5.0
v.7.6.0
v.7.6.1
v.7.7.0
v.7.7.1
v.7.7.2
v.7.8.0
v.7.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31372.json"