PT-2023-20506 · M.Static · M.Static
Liran Tal
·
Publicado
2023-05-10
·
Atualizado
2025-01-27
·
CVE-2023-26126
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
m.static versions all
Description
The issue arises from improper input sanitization of the path being requested via the
requestFile function, leading to Directory Traversal. This allows unauthorized access to files and directories outside the intended directory.Recommendations
For all versions, consider disabling the
requestFile function until a patch is available to prevent exploitation. Restrict access to sensitive files and directories to minimize the risk of unauthorized access.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
M.Static