exploitDog

CVE-2023-3512

Опубликовано: 04 окт. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

Ссылки

https://https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin
Broken Link
https://github.com/advisories/GHSA-v6jm-v768-76h2
Third Party Advisory
https://https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:setelsa-security:conacwin:*:*:*:*:*:*:*:*

Версия до 3.8.2.2 (включая)

EPSS

Процентиль: 27%

0.00095

Низкий

7.5 High

CVSS3

Дефекты

CWE-23

CWE-22

Связанные уязвимости

GHSA-v6jm-v768-76h2

CVSS3: 7.5

github

больше 2 лет назад

Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

EPSS

Процентиль: 27%

0.00095

Низкий

7.5 High

CVSS3

Дефекты

CWE-23

CWE-22