CVE-2019-9622

Опубликовано: 07 мар. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.

Ссылки

https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html
Exploit
Third Party Advisory
https://sourceforge.net/p/ebrigade/code/5912/
Third Party Advisory
https://www.exploit-db.com/exploits/46109
Exploit
Third Party Advisory
VDB Entry
https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html
Exploit
Third Party Advisory
https://sourceforge.net/p/ebrigade/code/5912/
Third Party Advisory
https://www.exploit-db.com/exploits/46109
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ebrigade:ebrigade:*:*:*:*:*:*:*:*

Версия до 4.5 (включая)

EPSS

Процентиль: 87%

0.03436

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-g8c3-hrwq-73wr