Описание
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being exploited in the wild.
EPSS
Процентиль: 55%
0.00326
Низкий
Дефекты
CWE-22
Связанные уязвимости
github
4 месяца назад
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being targeted by the Rondo botnet.
EPSS
Процентиль: 55%
0.00326
Низкий
Дефекты
CWE-22