handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-07T00:33:54
Updated: 2024-08-04T12:32:14.230Z
Reserved: 2020-06-07T00:00:00
Link: CVE-2020-13894
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-07T01:15:10.457
Modified: 2020-06-11T00:23:32.383
Link: CVE-2020-13894
Redhat
No data.