{
  "id": "CVE-2022-31372",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-06-16T14:15:09.070",
  "lastModified": "2022-06-28T16:41:21.447",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que Wiris Mathtype versi\u00f3n v7.28.0, contiene una vulnerabilidad de salto de ruta en el par\u00e1metro resourceFile. Esta vulnerabilidad es explotada por medio de una petici\u00f3n dise\u00f1ada al manejador de recursos"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:wiris:mathtype:7.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B6F17E-507F-44D4-AA7C-34DF0BC60068"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/wiris/moodle-filter_wiris/commit/037ce9c1d9b9642689a332b6ebee8eaf0a737576",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}