Vulnerability CVE-2022-2893


Published: 2023-01-17

Description:
RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 References:
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-02

Copyright 2023, cxsecurity.com

 

Back to Top