
Security Advisory: Gespage directory traversal

Description:


Directory traversal is a vulnerability that allows attackers to access restricted directories and read files outside the web server's root directory.

By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the web server.


Affected Items:


/gespage/doDownloadData 

/gespage/webapp/doDownloadData 
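
One way to review web access logs for traversal sequences sent to the two endpoints above (an added example, not code from Gespage or from the ON-X advisory). It assumes combined-format access logs; the parameter name `f` and the sample log lines are constructed placeholders, since this advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoints listed under "Affected Items" in this advisory.
AFFECTED_PATHS = {"/gespage/doDownloadData", "/gespage/webapp/doDownloadData"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any segment of the decoded value, split on / or \\, is '..'."""
    return ".." in re.split(r"[/\\]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return request targets that hit an affected endpoint with a '..' segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        parts = urlsplit(target)
        if fully_decode(parts.path) not in AFFECTED_PATHS:
            continue
        # Only the query string is visible in an access log; POST bodies are not.
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if any(has_traversal(v) for _, v in pairs):
            hits.append(target)
    return hits

# Constructed sample lines; the parameter name "f" is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /gespage/doDownloadData?f=report.csv HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2022:10:00:01 +0000] "GET /gespage/doDownloadData?f=..%2F..%2Fexample.txt HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2022:10:00:02 +0000] "GET /gespage/webapp/doDownloadData?f=%252e%252e%255cexample.txt HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2022:10:00:03 +0000] "GET /gespage/doDownloadData?f=report..2021.csv HTTP/1.1" 200 700',
    '192.0.2.13 - - [01/Jan/2022:10:00:04 +0000] "GET /other/download?f=..%2Fexample.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a version at or below v8.2.1 is worth investigating further; requests that carry the value in a POST body will not appear in this kind of log.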


Products and versions affected:


Gespage v8.2.1 and earlier.


Workaround:


Users who are still running an older version of the product are strongly advised to upgrade to the latest available version.


References:


ON-X | issue found by Olivier Thibault:

https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf


Mitre, CVE-2021-33807

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807

