Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.
References
Link | Resource |
---|---|
https://github.com/vulnerabilities-cve/vulnerabilities | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-11-12 17:15
Updated : 2019-11-13 14:15
NVD link : CVE-2019-18924
Mitre link : CVE-2019-18924
CVE.ORG link : CVE-2019-18924
JSON object : View
Products Affected
systematic
- iris_webforms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')