Podatność CVE-2024-8778
Publikacja: 2024-09-16

Opis:
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.

Typ:

CWE-36

 (Absolute Path Traversal)

 Referencje:
https://www.twcert.org.tw/tw/cp-132-8073-ff771-1.html
https://www.twcert.org.tw/en/cp-139-8074-66457-2.html
Copyright 2024, cxsecurity.com

 

Back to Top