PT-2015-3621 · Dassault Systèmes · Solidworks Workgroup Pdm
Brendan Coles
+1
·
Publicado
2015-01-13
·
Atualizado
2017-09-08
·
CVE-2014-100015
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SolidWorks Workgroup PDM version 2014
Description
The issue allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload, potentially leading to unauthorized file modifications.
Recommendations
For SolidWorks Workgroup PDM version 2014, consider restricting file upload capabilities to trusted sources until a fix is available. As a temporary workaround, implement strict validation and sanitization of filenames to prevent directory traversal attacks.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Solidworks Workgroup Pdm