Описание
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 9.2.2.284 (исключая)
Одновременно
cpe:2.3:a:tobesoft:xplatform:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01855
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
EPSS
Процентиль: 83%
0.01855
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22
CWE-22