{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2015-10030","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-01-08T09:26:00.394Z","datePublished":"2023-01-08T09:27:12.135Z","dateUpdated":"2025-04-09T14:42:24.082Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T07:55:24.511Z"},"title":"SUKOHI Surpass Surpass.php pathname traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-21","lang":"en","description":"CWE-21 Pathname Traversal"}]}],"affected":[{"vendor":"SUKOHI","product":"Surpass","versions":[{"version":"n/a","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In SUKOHI Surpass wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei src/Sukohi/Surpass/Surpass.php. Durch das Manipulieren des Arguments dir mit unbekannten Daten kann eine pathname traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu lösen. Der Patch wird als d22337d453a2a14194cdb02bf12cdf9d9f827aa7 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":5.5,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.5,"vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.2,"vectorString":"AV:A/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-01-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-01-08T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-01-08T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-01-30T08:42:46.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.217642","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.217642","tags":["signature","permissions-required"]},{"url":"https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7","tags":["patch"]},{"url":"https://github.com/SUKOHI/Surpass/releases/tag/1.0.0","tags":["patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T08:58:25.537Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.217642","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.217642","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7","tags":["patch","x_transferred"]},{"url":"https://github.com/SUKOHI/Surpass/releases/tag/1.0.0","tags":["patch","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-09T14:41:47.587251Z","id":"CVE-2015-10030","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-09T14:42:24.082Z"}}]}}