PT-2023-28061 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Xiafine
·
Published
2023-08-05
·
Updated
2024-05-17
·
CVE-2023-4172
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0
Description
A problematic issue has been found in the system, affecting the file
ServiceFileHandler.ashx. The manipulation of the FileDirectory argument leads to absolute path traversal. The attack can be initiated remotely.Recommendations
For version 2.0, consider restricting access to the
FileHandler.ashx file to minimize the risk of exploitation. As a temporary workaround, avoid using the FileDirectory argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Chengdu Flash Flood Disaster Monitoring/Warning System