ID |
CVE-2025-0049
|
Sažetak |
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping.
This issue affects GoAnywhere: before 7.8.0. |
Reference |
|
CVSS |
Base: | 3.5 |
Impact: | 1.4 |
Exploitability: | 2.1 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
LOW |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
LOW |
NONE |
NONE |
|
CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
Zadnje važnije ažuriranje |
10-05-2025 - 00:55 |
Objavljeno |
28-04-2025 - 21:15 |