


DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to.

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated for more details.

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal

AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.

Tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F.%2F.%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
