CVE-2021-47978

MEDIUM CVSS 6.2 View on NVD ↗

Description

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://www.exploit-db.com/exploits/50229
https://www.processmaker.com/
https://www.vulncheck.com/advisories/processmaker-local-file-inclusion-via-path-traversal

Published: May 16, 2026 16:16 UTC Modified: May 16, 2026 16:16 UTC