An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-06T17:21:07
Updated: 2024-08-04T08:39:25.999Z
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5840
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-06T18:15:24.247
Modified: 2020-01-14T19:43:47.890
Link: CVE-2020-5840
Redhat
No data.