exploitDog

CVE-2021-4463

Published: 12 Nov 2025
Source: nvd
EPSS Low

Description

Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

EPSS

Percentile: 34%
0.00137
Low

Weaknesses

CWE-22

Related vulnerabilities

github
3 months ago

Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

EPSS

Percentile: 34%
0.00137
Low

Weaknesses

CWE-22