CVE-2021-47921

Description

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Author: Scott Ferreira / Free Photo & Video Vault - WiFi Transfe‪r0.0.2 – 0.0.2

References

MISChttps://www.vulnerability-lab.com/get_content.php?id=2271
VENDOR_ADVISORYhttps://apps.apple.com/us/app/free-photo-video-vault-wifi-transfer/id981034501
VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/free-photo-video-vault-directory-traversal-vulnerability-via-web-request