Path Traversal Vulnerability Affects Mortgage Application
CVE-2022-45368

7.7HIGH

Key Information:

Vendor: WordPress
Status: 1003 Mortgage Application
Vendor: CVE Published:; 17 May 2024

What is CVE-2022-45368?

An improper limitation of a pathname vulnerability exists in the Lenderd 1003 Mortgage Application, which allows for relative path traversal. This flaw can potentially grant attackers access to restricted directories, leading to unauthorized information exposure and security risks. The issue affects version 1.75 and all prior versions of the 1003 Mortgage Application, highlighting the importance of timely updates and security patches to mitigate potential exploits.

Affected Version(s)

1003 Mortgage Application <= 1.75

References

https://patchstack.com/database/vulnerability/1003-mortga...

vdb-entry

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Nov 14, 2022

Credit

Rodrigo Escobar - ipax (Patchstack Alliance)