Описание
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
Ссылки
- Exploit
- Vendor Advisory
- US Government Resource
- Exploit
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:3ssoftware:codesys:3.4:sp4:patch2:*:*:*:*:*
EPSS
Процентиль: 79%
0.01246
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
EPSS
Процентиль: 79%
0.01246
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-264