Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2022-41951

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

Published: Nov 27, 2023
Updated: Nov 16, 2025
CVE: CVE-2022-41951
GHSA: GHSA-9v3j-4j64-p937
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.5
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
oro / platform	4.1.0	4.1.13.x
oro / platform	4.2.0	4.2.10.x
oro / platform	5.0.0	5.0.8
oroinc / oroplatform	-	5.0.9

https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo