PT-2023-21165 · Adm+1 · Adm+1

Published

2023-05-31

Updated

2023-06-07

CVE-2023-2749

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions Download Center versions 1.1.5.r1280 and below ADM versions 4.0 and above

Description The Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this issue to gain unauthorized access to sensitive files or directories without appropriate permission restrictions.

Recommendations For Download Center versions 1.1.5.r1280 and below, update to a version above 1.1.5.r1280 to resolve the issue. For ADM versions 4.0 and above, ensure that the Download Center is updated to a version above 1.1.5.r1280 to prevent exploitation.

Fix

Incorrect Default Permissions

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-200

Related Identifiers

CVE-2023-2749

Affected Products

Adm

Downloadcenter

PT-2023-21165 · Adm+1 · Adm+1

CVE-2023-2749

Weakness Enumeration

Related Identifiers

Affected Products

References · 3