exploitDog

CVE-2021-36123

Опубликовано: 13 июл. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.

Ссылки

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md
Third Party Advisory
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:echobh:sharecare:8.15.5:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.0032

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-prf7-x325-49xj

github

больше 3 лет назад

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.

EPSS

Процентиль: 55%

0.0032

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other