CVE-2022-41712: Path Traversal
First published: Fri Nov 25 2022(Updated: )
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Frappe LMS | =14.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Frappe version 14.10.0 vulnerability?
The vulnerability ID for the Frappe version 14.10.0 vulnerability is CVE-2022-41712.
What is the severity of CVE-2022-41712?
The severity of CVE-2022-41712 is medium (6.5).
How does the Frappe version 14.10.0 vulnerability occur?
The Frappe version 14.10.0 vulnerability occurs because the application does not correctly validate the information injected by the user in the import_file parameter.
What software is affected by CVE-2022-41712?
The Frappe version 14.10.0 software is affected by CVE-2022-41712.
How can I fix the Frappe version 14.10.0 vulnerability?
To fix the Frappe version 14.10.0 vulnerability, update to a version of Frappe that contains the necessary security patches.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/frappe
- canonical/frappe lms
- version/frappe lms/14.10.0