RSS   Vulnerabilities for 'Dext5upload'   RSS

2020-12-26
 
CVE-2020-35362

CWE-22
 

 
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).

 

 >>> Vendor: Dext5 4 Products
Upload
Dext5
Dext5upload
Dext5 editor


Copyright 2024, cxsecurity.com

 

Back to Top