THREAT OPS › Threat News › [GHSA] GHSA-cv65-7cg8-r623 (high) — FacturaScripts: Unauthenticated Path Traversal in Static File Controllers Reads Private MyFiles Documents
[GHSA] GHSA-cv65-7cg8-r623 (high) — FacturaScripts: Unauthenticated Path Traversal in Static File Controllers Reads Private MyFiles Documents
GHSA-cv65-7cg8-r623 Severity: high CVE: CVE-2026-45693
FacturaScripts: Unauthenticated Path Traversal in Static File Controllers Reads Private MyFiles Documents
### Summary
The static file controllers in FacturaScripts decide whether a request is authorized by looking at the URL string instead of the canonical filesystem path. A request that starts with an allow-listed folder name but contains
Indicators of compromise
- CVE-2026-45693cve
Original source: https://github.com/advisories/GHSA-cv65-7cg8-r623