exploitDog

GHSA-4f67-fhjj-9h87

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.

Ссылки

EPSS

Процентиль: 92%

0.08978

Низкий

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2013-1627

nvd

почти 13 лет назад

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.

EPSS

Процентиль: 92%

0.08978

Низкий

CVE ID

Дефекты

CWE-22