
Find real vulnerabilities before they ship
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.
Base Score
5.7| Base Score | 5.7 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
| Base Severity | Medium |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |