Vulnerability Details : CVE-2022-36243
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.
Vulnerability category: Directory traversal
Products affected by CVE-2022-36243
- Shopbeat » Shop Beat Media Player » For ARMVersions from including (>=) 2.5.95 and before (<) 3.2.57cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36243
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-36243
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-13 |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-36243
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
-
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.Assigned by: support@shopbeat.co.za (Secondary)
References for CVE-2022-36243
-
https://www.shopbeat.co.za
Shop Beat - Giving Your Shop A BeatProduct
Jump to