CVE-2022-41951
- Source
- https://cve.org/CVERecord?id=CVE-2022-41951
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41951.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-41951
- Aliases
- Published
- 2023-11-27T20:27:33.911Z
- Modified
- 2025-12-04T10:39:16.163685Z
- Severity
-
- 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- OroPlatform vulnerable to path traversal during temporary file manipulations
- Details
-
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in
Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. - Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41951.json", "cwe_ids": [ "CWE-22" ] }- References
Affected packages
Git / github.com/oroinc/platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/oroinc/platform
- Events
-
IntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "4.1.0" }, { "last_affected": "4.1.13" } ] }