Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.07343
Percentile: 0.91253

CVSS Scoring

Affected Products

• cpe:2.3:a:pico_server:pico_server:3.0:*:*:*:*:*:*:*
• cpe:2.3:a:pico_server:pico_server:3.0_beta_3:*:*:*:*:*:*:*
• cpe:2.3:a:pico_server:pico_server:3.1:*:*:*:*:*:*:*
• cpe:2.3:a:pico_server:pico_server:3.2:*:*:*:*:*:*:*

← Back to Home