exploitDog

GHSA-6cmq-gxq2-w376

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

Ссылки

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-425

Связанные уязвимости

CVE-2018-11346

CVSS3: 4.3

nvd

больше 7 лет назад

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-425