CVE-2025-26353

Medium

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote…

Nozomi·CWE-35·Published 2025-02-12

CVSS

4.9

EPSS

0.01

KEV

Exploits

cve.orgen

198 chars

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

NVDen

198 chars

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

Un CWE-35 "Path Traversal" en maxtime/api/sql/sql.lua en Q-Free MaxTime menor o igual a la versión 2.11.0 permite a un atacante remoto autenticado leer archivos confidenciales a través de solicitudes HTTP manipulado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.9	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N