PT-2023-21165 · Adm+1 · Adm+1

Publicado

2023-05-31

Atualizado

2023-06-07

CVE-2023-2749

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions Download Center versions 1.1.5.r1280 and below ADM versions 4.0 and above

Description The Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this issue to gain unauthorized access to sensitive files or directories without appropriate permission restrictions.

Recommendations For Download Center versions 1.1.5.r1280 and below, update to a version above 1.1.5.r1280 to resolve the issue. For ADM versions 4.0 and above, ensure that the Download Center is updated to a version above 1.1.5.r1280 to prevent exploitation.

Correção

Incorrect Default Permissions

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276CWE-200

Identificadores relacionados

CVE-2023-2749

Produtos afetados

Adm

Downloadcenter

PT-2023-21165 · Adm+1 · Adm+1

CVE-2023-2749

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3