RSS   Vulnerabilities for 'Hr portal'   RSS

2019-06-19
 
CVE-2019-10257

CWE-22
 

 
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class

 

 >>> Vendor: Zucchetti 2 Products
Hr portal
Imagicle uc suite


Copyright 2024, cxsecurity.com

 

Back to Top