Description:
Directory traversal is a vulnerability that allows attackers to access restricted directories and read files outside of the web server's root directory.
By exploiting a directory traversal vulnerability, an attacker steps out of the root directory and accesses files in other directories. As a result, the attacker might view restricted files or execute commands, leading to a full compromise of the web server.
Affected Items:
/gespage/doDownloadData
/gespage/webapp/doDownloadData
Products and versions affected:
Gespage v8.2.1 and earlier.
Workaround:
Users who still run an older version of the product are strongly advised to upgrade to the latest version available.
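To review whether the affected endpoints were probed before the upgrade, the following added example (not part of the original advisory and not vendor code) scans web access log lines for requests to those endpoints that carry a ".." path segment, including percent-encoded and double-encoded forms. It assumes common/combined access log format; the sample lines and the parameter name "f" are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoints listed under "Affected Items" in the advisory.
AFFECTED_PATHS = ("/gespage/doDownloadData", "/gespage/webapp/doDownloadData")

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# A ".." segment: separator on the left, / or \ (or end of string) on the right.
DOTDOT_RE = re.compile(r"(?:^|[\\/=&?])\.\.(?:[\\/]|$)")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e%252f) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(log_line):
    """True when an affected endpoint is requested with a '..' path segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    target = match.group("target")
    path = fully_decode(urlsplit(target).path)
    if not path.startswith(AFFECTED_PATHS):
        return False
    return bool(DOTDOT_RE.search(fully_decode(target)))


def find_attempts(lines):
    """Return the log lines that look like traversal attempts."""
    return [line for line in lines if is_traversal_attempt(line)]


# Constructed sample lines; the parameter name "f" is hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2021:10:00:00 +0000] "GET /gespage/doDownloadData?f=report.csv HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2021:10:00:05 +0000] "GET /gespage/doDownloadData?f=..%2f..%2fexample.txt HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Jun/2021:10:01:00 +0000] "GET /gespage/webapp/doDownloadData?f=%252e%252e%255cexample.txt HTTP/1.1" 200 88',
    '198.51.100.9 - - [01/Jun/2021:10:02:00 +0000] "GET /index.html?next=../home HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in find_attempts(SAMPLE_LOG):
        print(hit)
```

Request bodies are not recorded in access logs, so parameters sent by POST are outside what this check can see.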
References:
ON-X | issue found by Olivier Thibault:
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
MITRE, CVE-2021-33807:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807