PT-2023-28056 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System

Xiafine

Publicado

2023-08-05

Atualizado

2024-05-17

CVE-2023-4171

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0

Description A problematic issue was found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects the file ServiceFileDownload.ashx and is related to the manipulation of the Files argument, leading to path traversal. The attack can be initiated remotely.

Recommendations For Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, consider restricting access to the FileDownload.ashx file to minimize the risk of exploitation. Avoid using the Files argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-24

Identificadores relacionados

CVE-2023-4171

Produtos afetados

Chengdu Flash Flood Disaster Monitoring/Warning System

PT-2023-28056 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System

CVE-2023-4171

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7