Описание
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.0 (исключая)
cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00597
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
EPSS
Процентиль: 69%
0.00597
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-22