Vulnerability Description
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyjos | Owlfiles | 12.0.1 |
| Apple | Ipados | - |
| Apple | Iphone Os | - |
| Apple | Macos | - |
| Apple | Tvos | - |
| Apple | Visionos | - |
Related Weaknesses (CWE)
References
- https://apps.apple.com/us/app/owlfiles-file-manager/id510282524Product
- https://www.exploit-db.com/exploits/51036Exploit
- https://www.skyjos.com/Product
- https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversalThird Party Advisory
- https://www.exploit-db.com/exploits/51036Exploit
FAQ
What is CVE-2022-50890?
CVE-2022-50890 is a vulnerability with a CVSS score of 7.5 (HIGH). Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting...
How severe is CVE-2022-50890?
CVE-2022-50890 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50890?
Check the references section above for vendor advisories and patch information. Affected products include: Skyjos Owlfiles, Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos.