An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NSscms
APPSscms7.3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Powiązane podatności
CVE-2023-43953MEDIUM5.4ten sam produkt
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management co...
CVE-2022-44298CRITICAL9.8ten sam vendor
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.
CVE-2022-44297CRITICAL9.8ten sam vendor
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
CVE-2021-42654CRITICAL9.8ten sam vendor
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which co...
CVE-2022-28118CRITICAL9.8ten sam vendor
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.