Описание
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
EPSS
Процентиль: 49%
0.00255
Низкий
Дефекты
CWE-22
Связанные уязвимости
github
около 2 месяцев назад
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
EPSS
Процентиль: 49%
0.00255
Низкий
Дефекты
CWE-22