Search criteria
1 vulnerability by surpass_project
CVE-2015-10030 (GCVE-0-2015-10030)
Vulnerability from cvelistv5 – Published: 2023-01-08 09:27 – Updated: 2025-04-09 14:42
VLAI
Title
SUKOHI Surpass Surpass.php pathname traversal
Summary
A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-21 - Pathname Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217642 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217642 | signaturepermissions-required |
| https://github.com/SUKOHI/Surpass/commit/d22337d4… | patch |
| https://github.com/SUKOHI/Surpass/releases/tag/1.0.0 | patch |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:25.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217642"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217642"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:41:47.587251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:42:24.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surpass",
"vendor": "SUKOHI",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In SUKOHI Surpass wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei src/Sukohi/Surpass/Surpass.php. Durch das Manipulieren des Arguments dir mit unbekannten Daten kann eine pathname traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d22337d453a2a14194cdb02bf12cdf9d9f827aa7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-21",
"description": "CWE-21 Pathname Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:55:24.511Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217642"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217642"
},
{
"tags": [
"patch"
],
"url": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-08T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-30T08:42:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "SUKOHI Surpass Surpass.php pathname traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10030",
"datePublished": "2023-01-08T09:27:12.135Z",
"dateReserved": "2023-01-08T09:26:00.394Z",
"dateUpdated": "2025-04-09T14:42:24.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}