An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| hashbrown-cms(npm) | 0 | 1.3.2 | N/A |
CVSS Metrics
