Vulnerabilities for 'A+hrd'

2022-04-07
 
CVE-2022-26675

CWE-22
 

 
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under the website root directory.

 
 
CVE-2022-26676

CWE-863
 

 
aEnrich a+HRD has inadequate privilege restrictions. An unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.

 


Copyright 2024, cxsecurity.com

 
