Filtered by vendor Idearespa
Subscriptions
Filtered by product Reftree
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27249 | 1 Idearespa | 1 Reftree | 2024-08-03 | 8.8 High |
| An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | ||||
| CVE-2022-27248 | 1 Idearespa | 1 Reftree | 2024-08-03 | 6.5 Medium |
| A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg. | ||||
Page 1 of 1.