Podatność CVE-2023-50449
Publikacja: 2023-12-10   Modyfikacja: 2023-12-14

Opis:
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

Typ:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Affected software
Jfinalcms project -> Jfinalcms 

 Referencje:
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Copyright 2024, cxsecurity.com

 

Back to Top