Description
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Manipulating the argument Version results in path traversal. The attack can be carried out remotely. The exploit has been made public and could be used.
References
- Exploit, Issue Tracking, Vendor Advisory
- Exploit, Issue Tracking, Vendor Advisory
- Permissions Required, VDB Entry
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions up to and including 6.1
cpe:2.3:a:lsfusion:lsfusion_platform:*:*:*:*:*:*:*:*
EPSS
Percentile: 49%
Score: 0.00256 (Low)
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 5.3
github
3 months ago
lsFusion Platform has a Path Traversal vulnerability