CVE-2019-10257

CVE-2019-10257

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application’s java sources from /WEB-INF/classes/*.class

Source: CVE-2019-10257

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다