PT-2023-28056 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Xiafine
·
Published
2023-08-05
·
Updated
2024-05-17
·
CVE-2023-4171
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0
Description
A problematic issue was found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects the file
ServiceFileDownload.ashx and is related to the manipulation of the Files argument, leading to path traversal. The attack can be initiated remotely.Recommendations
For Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, consider restricting access to the
FileDownload.ashx file to minimize the risk of exploitation. Avoid using the Files argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chengdu Flash Flood Disaster Monitoring/Warning System