Local File Enumeration Vulnerability in Firefly III 4.7.17.3

Local File Enumeration Vulnerability in Firefly III 4.7.17.3

CVE-2019-14671 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

Learn more about our Web Application Penetration Testing UK.