Описание
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kiwi_enterprises:kiwi_cattools:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06949
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
EPSS
Процентиль: 91%
0.06949
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other