Описание
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ......), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tesigandia:gandia_integra_total:4.4.2236.1:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-22