Open navigation

Security Advisory: Gespage directory traversal

Description:


Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory. 

By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server. 


Affected Items:


/gespage/doDownloadData 

/gespage/webapp/doDownloadData 


Products and versions affected:


Gespage v8.2.1 and earlier.


Workaround:


Users who still use an older version of the product are strongly invited to upgrade to the latest version available.


References:


ON-X | issue found by Olivier Thibault :

https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf


Mitre, CVE-2021-33807

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807




Cette réponse a-t-elle été utile ? Oui Non

Envoyer vos commentaires
Nous sommes désolés de ne pas avoir pu répondre à votre question. Aidez-nous à améliorer cet article grâce à vos commentaires.