phpTransformer Directory Traversal Vulnerability
Vulnerability
A directory traversal vulnerability has been identified in phpTransformer version 2016.9. This vulnerability allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Exploitation involves sending requests to the jQueryFileUploadmaster server endpoint with traversal sequences to list and retrieve files outside the intended directory.
Impact
Exploitation of this vulnerability allows for unauthorized access to files on the server, which could include sensitive information or application configuration.
Reproduction
To reproduce this vulnerability, send a request to the jQueryFileUploadmaster server endpoint's php index.php file, including a path parameter that uses directory traversal sequences to navigate outside the intended directory. The server response will include a list of files accessed through the traversal.
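For defenders, the request pattern described above can be searched for in web-server access logs. The following Python scan is an added example, not part of the original advisory or of phpTransformer; it assumes combined-format access logs, and the URL layout in the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the script's URL contains both strings named in the advisory.
ENDPOINT_MARKERS = ("jqueryfileuploadmaster", "index.php")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def is_traversal(path_value):
    """True if the decoded value contains a '..' path segment."""
    norm = fully_decode(path_value).replace("\\", "/")
    return ".." in norm.split("/")

def find_traversal_requests(log_lines):
    """Return (line number, HTTP status, decoded path value) per hit."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        target = fully_decode(url.path).lower()
        if not all(marker in target for marker in ENDPOINT_MARKERS):
            continue
        # parse_qs decodes once; is_traversal handles further encoding layers.
        for value in parse_qs(url.query).get("path", []):
            if is_traversal(value):
                hits.append((number, int(match.group(2)), fully_decode(value)))
    return hits

# Constructed access-log lines; the URL layout and addresses are made up.
PREFIX = '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET '
SCRIPT = "/jQueryFileUploadmaster/server/php/index.php"
SAMPLE_LOG = [
    PREFIX + SCRIPT + '?path=uploads/ HTTP/1.1" 200 512',
    PREFIX + SCRIPT + '?path=../../ HTTP/1.1" 200 2048',
    PREFIX + SCRIPT + '?path=%2e%2e%2f%2e%2e%2f HTTP/1.1" 200 2048',
    PREFIX + SCRIPT + '?path=%252e%252e%252f HTTP/1.1" 403 199',
    PREFIX + SCRIPT + '?path=my..file/ HTTP/1.1" 200 512',
    PREFIX + '/other.php?path=../ HTTP/1.1" 200 100',
]

print(find_traversal_requests(SAMPLE_LOG))
```

A hit with a 200 status deserves priority review, since the advisory states that a successful response includes the listing of the traversed directory.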
