Описание
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.17.2 (включая)
cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
EPSS
Процентиль: 55%
0.00323
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22