Vulnerability Description
A PHP local file inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hubzilla | Hubzilla | < 7.2 |
Related Weaknesses (CWE)
References
- https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a (Patch, Third Party Advisory)
- https://hubzilla.org/channel/hubzilla/ (Release Notes, Vendor Advisory)
- https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vul (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-27256?
CVE-2022-27256 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A PHP local file inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.
How severe is CVE-2022-27256?
CVE-2022-27256 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-27256?
Check the references section above for vendor advisories and patch information. Affected products include: Hubzilla (versions before 7.2).