CVE-2020-25134

CVE-2020-25134

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.

Source: CVE-2020-25134

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다