CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cxsecurity.com/issue/WLB-2018090248 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-28T00:00:00
Updated: 2024-08-05T09:46:24.669Z
Reserved: 2018-08-05T00:00:00
Link: CVE-2018-14957
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-09-28T00:29:01.350
Modified: 2018-12-19T18:35:31.577
Link: CVE-2018-14957
Redhat
No data.