Vulnerabilities (CVE)

Filtered by vendor Tipask Subscribe
Filtered by product Tipask
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41714 1 Tipask 1 Tipask 2024-11-21 4.0 MEDIUM 7.7 HIGH
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.