A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/50638 | Exploit Third Party Advisory VDB Entry |
https://www.swascan.com/it/security-blog/ | Third Party Advisory |
https://www.swascan.com/solari-di-udine/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-02-15 22:15
Updated : 2024-02-28 19:09
NVD link : CVE-2021-35380
Mitre link : CVE-2021-35380
CVE.ORG link : CVE-2021-35380
JSON object : View
Products Affected
solari
- termtalk_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')