PT-2023-11762 · Zrlog · Zrlog
J1Nse
·
Published
2023-08-11
·
Updated
2023-08-21
·
CVE-2020-27514
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZrLog version 2.1.15
Description
A Directory Traversal vulnerability exists in the delete function of the admin.api.TemplateController in ZrLog, allowing remote attackers to delete arbitrary files and cause a denial of service (DoS).
Recommendations
For ZrLog version 2.1.15, consider disabling the delete function in the admin.api.TemplateController until a patch is available to prevent remote attackers from deleting arbitrary files. Restrict access to the TemplateController to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zrlog