exploitDog

CVE-2021-44162

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5397-b1f40-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5397-b1f40-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chinasea:qb_smart_service_robot:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-h66r-8738-fm4g

github

около 4 лет назад

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.

EPSS

Процентиль: 62%

0.00423

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22