CVE-2022-1850: 
PHP vulnerability analysis and mitigation

Path Traversal vulnerability (CVE-2022-1850) was discovered in GitHub repository filegator/filegator affecting versions prior to 7.8.0. The vulnerability was disclosed on May 24, 2022, and allows attackers to potentially access files outside of intended directories (NVD, CVE).

The vulnerability is classified as a Path Traversal (CWE-22) issue, which involves improper limitation of a pathname to a restricted directory. The severity assessment shows a CVSS v3.1 Base Score of 8.1 (HIGH) according to NVD with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, while huntr.dev assessed it with a CVSS score of 5.4 (MEDIUM) with vector string CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow attackers to access files outside of the intended directory structure, potentially exposing sensitive information and compromising system security through unauthorized file access (NVD).

The vulnerability has been patched in version 7.8.0 of filegator. The fix includes implementation of proper path traversal protection by escaping dots in file paths and adding additional security checks, as evidenced in the commit that addresses this issue (GitHub Patch).