PT-2020-14774 · Seafile · Seafile-Client
Nmht3Top
·
Published
2020-07-29
·
Updated
2020-08-05
·
CVE-2020-16143
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Seafile-client version 7.0.8
Description
The issue concerns a DLL hijacking vulnerability. It occurs because the seafile-client loads the
exchndl.dll from the current working directory.Recommendations
For version 7.0.8, consider restricting the loading of
exchndl.dll to a secure directory to minimize the risk of exploitation.Exploit
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seafile-Client