Zmcptools
Monthly
Path traversal in ZMCPTools up to version 0.2.2 allows authenticated remote attackers to read or manipulate files outside intended directories via the dirname argument in the MCP Log Resource Handler component. The vulnerability is exploitable over the network by authenticated users with low privileges, has publicly available exploit code, and carries a CVSS score of 2.1 reflecting low confidentiality and integrity impact with no scope expansion.
Path traversal in ZMCPTools up to version 0.2.2 allows authenticated remote attackers to read or manipulate files outside intended directories via the dirname argument in the MCP Log Resource Handler component. The vulnerability is exploitable over the network by authenticated users with low privileges, has publicly available exploit code, and carries a CVSS score of 2.1 reflecting low confidentiality and integrity impact with no scope expansion.