Insecure Permissions Granting Write Privileges to Authenticated Users in Chocolatey PHP Package v8.1.12 and Below

Insecure Permissions Granting Write Privileges to Authenticated Users in Chocolatey PHP Package v8.1.12 and Below

CVE-2022-45307 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

Learn more about our User Device Pen Test.