Bagisto Path Traversal Vulnerability in ImageCacheController Component Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in Bagisto version 2.4.1. This issue arises from inadequate validation of user input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter, potentially accessing sensitive files outside the intended directory on the targeted system. Successful exploitation could lead to the unauthorized reading of arbitrary files, including application configuration files, database credentials, API keys, and other sensitive information.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive files on the affected system, including application configurations and credentials.

Remediation

Users are advised to upgrade Bagisto to version 2.4.2 or later.

Added: Jun 8, 2026, 10:20 AM
Updated: Jun 8, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 8.3
remediation: 7.7
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.