CVE-2022-25769

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-1284
View all →

Vulnerability Description

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Related Vulnerabilities

CVE-2021-31345

CRITICAL
CVSS:9.1(Critical)

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total leng...

CWE-12842021

CVE-2021-31346

CRITICAL
CVSS:9.1(Critical)

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNE...

CWE-12842021

CVE-2023-25731

HIGH
CVSS:8.8(High)

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affec...

CWE-12842023

CVE-2022-28199

HIGH
CVSS:8.6(High)

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to ca...

CWE-12842022

CVE-2024-8887

HIGH
CVSS:8.6(High)

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login pa...

CWE-12842024

CVE-2008-2374

CRITICAL
CVSS:9.8(Critical)

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to ...

CWE-12842008