- Description
- The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:metaclassy:byword:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AF982AC-2BCF-4420-BFFC-38E4E2016476"
},
{
"criteria": "cpe:2.3:a:metaclassy:byword:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F458EEB-AC3E-4724-B167-6C28EFEF3DB4"
},
{
"criteria": "cpe:2.3:a:metaclassy:byword:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB905682-25A7-4B7B-91DB-0D105659B255"
},
{
"criteria": "cpe:2.3:a:metaclassy:byword:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65C0D0FB-B554-4472-9789-5A10317B1F34"
}
],
"operator": "OR"
}
]
}
]