PT-2022-18003 · Unknown · Aenrich A+Hrd

Kun Xian Lin

Published

2022-04-07

Updated

2022-04-14

CVE-2022-26675

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions aEnrich a+HRD (affected versions not specified)

Description The issue is related to inadequate filtering for special characters in URLs, allowing an unauthenticated remote attacker to bypass authentication. This can lead to path traversal attacks, enabling access to arbitrary files under the website root directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-26675

Affected Products

Aenrich A+Hrd

PT-2022-18003 · Unknown · Aenrich A+Hrd

CVE-2022-26675

Weakness Enumeration

Related Identifiers

Affected Products

References · 6