CVE-2020-13227

Опубликовано: 02 июн. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.

Ссылки

https://github.com/wrongsid3
Third Party Advisory
https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md
Exploit
Third Party Advisory
https://pasteboard.co/J9eF12G.png
Exploit
Third Party Advisory
https://github.com/wrongsid3
Third Party Advisory
https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md
Exploit
Third Party Advisory
https://pasteboard.co/J9eF12G.png
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sysax:multi_server:6.90:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00526

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-p3pr-hfwc-v329

github

больше 3 лет назад