Vulnerability in N/a
CVE-2018-7490
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
EPSS: 0.932 (99.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- 44223 (exploit, x_refsource_EXPLOIT-DB)
- DSA-4142 (vendor-advisory, x_refsource_DEBIAN)
- uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-7490?
- CVE-2018-7490 is a vulnerability in N/a. Published 2018-02-26.
- Is CVE-2018-7490 known to be exploited?
- 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.