TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| nilsteampassnet/teampass(Packagist) | 0 | N/A | N/A |
CVSS Metrics
