Security Advisory: Gespage directory traversal
Description:
Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.
By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.
Affected Items:
/gespage/doDownloadData
/gespage/webapp/doDownloadData
Products and versions affected:
Gespage v8.2.1 and earlier.
Workaround:
Users who still use an older version of the product are strongly invited to upgrade to the latest version available.
References:
ON-X | issue found by Olivier Thibault :
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
Mitre, CVE-2021-33807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
Cet article a-t-il été utile ?
C'est super !
Merci pour votre commentaire
Désolé ! Nous n'avons pas pu vous être utile
Merci pour votre commentaire
Commentaires envoyés
Nous apprécions vos efforts et nous allons corriger l'article