CVE-2020-24136

Sažetak

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.

Reference

https://github.com/secwx/research/blob/main/cve/CVE-2020-24136.md
https://github.com/vedees/wcms/issues/12

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

19-04-2021 - 21:05

Objavljeno

07-04-2021 - 15:15