27 Jan 2023
Vulnérabilité CVE-2022-39812 CVE Vulnerability
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. (CVSS:0.0) (Last Update:2023-01-27)
Vulnerability Details : Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. Publish Date : 2023-01-27 Last Update Date : 2023-01-27 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2022-39812
- References For CVE-2022-39812
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2022-39812There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |