How severe is CVE-2018-25094?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-25094?

This is classified as CWE-24, which is a common weakness in software security.

CVE-2018-25094

HIGH Year: 2018

CVSS v3 Score

7.5

High

CVSS v2 Score

2.7

Low

Weakness Type

CWE-24

View all →

Vulnerability Description

A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability.

CVE-2014-125033

HIGH

CVSS:7.5(High)

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipula...

CWE-242014

CVE-2019-25087

HIGH

CVSS:7.5(High)

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler....

CWE-242019

CVE-2020-9708

HIGH

CVSS:7.5(High)

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access o...

CWE-242020

CVE-2021-29466

HIGH

CVSS:7.5(High)

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information...

CWE-242021

CVE-2023-3239

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument im...

CWE-242023

CVE-2024-0341

HIGH

CVSS:7.5(High)

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Reques...

CWE-242024

CVE-2018-25094

Vulnerability Description

Related Vulnerabilities

CVE-2014-125033

CVE-2019-25087

CVE-2020-9708

CVE-2021-29466

CVE-2023-3239

CVE-2024-0341