PT-2021-12679 · Unknown · Aquanplayer

Published

2021-04-22

Updated

2021-04-29

CVE-2020-7858

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: AquaNPlayer version 2.0.0.92

Description: The issue is related to a directory traversing vulnerability in the download page URL. An attacker can use "dot dot" sequences (../../) to traverse directories and potentially view host files on the system, leading to information leakage. The IP of the download page URL is localhost.

Recommendations: For AquaNPlayer version 2.0.0.92, consider restricting access to the download page URL to minimize the risk of exploitation. As a temporary workaround, restrict the use of "dot dot" sequences (../../) in the download page URL until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-548CWE-22

Related Identifiers

CVE-2020-7858

Affected Products

Aquanplayer

PT-2021-12679 · Unknown · Aquanplayer

CVE-2020-7858

Weakness Enumeration

Related Identifiers

Affected Products

References · 4