PT-2021-10769 · Unknown · Veno File Manager

Published

2021-01-04

Updated

2021-01-06

CVE-2020-22550

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Veno File Manager version 3.5.6

Description The issue allows an attacker to perform a directory traversal, enabling them to download sensitive files from the server.

Recommendations For Veno File Manager version 3.5.6, consider restricting access to sensitive files on the server until a patch is available. As a temporary workaround, limit the ability to download files using the vulnerable directory traversal functionality.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-22550

Affected Products

Veno File Manager

PT-2021-10769 · Unknown · Veno File Manager

CVE-2020-22550

Weakness Enumeration

Related Identifiers

Affected Products

References · 5