ProcessMaker

CVEs (1)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2021-47978	Med	0.40	6.2	0.00		May 16, 2026	ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication.

CVE-2021-47978MedMay 16, 2026
risk 0.40cvss 6.2epss 0.00
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without authentication.