Metatrader 4 Mcp
Monthly
Path traversal in 8nite metatrader-4-mcp 1.0.0 allows authenticated remote attackers to access arbitrary files via manipulation of the ea_name argument in the CallToolRequestSchema function of src/index.ts. The vulnerability affects the sync_ea_from_file component, has publicly available exploit code, and impacts confidentiality with a CVSS score of 2.1. The vendor has not responded to early disclosure notification.
Path traversal in 8nite metatrader-4-mcp 1.0.0 allows authenticated remote attackers to access arbitrary files via manipulation of the ea_name argument in the CallToolRequestSchema function of src/index.ts. The vulnerability affects the sync_ea_from_file component, has publicly available exploit code, and impacts confidentiality with a CVSS score of 2.1. The vendor has not responded to early disclosure notification.