Описание
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
Ссылки
- Exploit
- Exploit
- ExploitVendor Advisory
- Exploit
- Exploit
- Exploit
- ExploitVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 7.5.13 (включая)
Одно из
cpe:2.3:a:flippet.org:winamp_web_interface:*:*:*:*:*:*:*:*
cpe:2.3:a:flippet.org:winamp_web_interface:7.5.9:*:*:*:*:*:*:*
cpe:2.3:a:flippet.org:winamp_web_interface:7.5.11:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00645
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.
EPSS
Процентиль: 70%
0.00645
Низкий
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other