CVE-2022-26675

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html - Third Party Advisory

Information

Published : 2022-04-07 19:15

Updated : 2024-11-21 06:54


NVD link : CVE-2022-26675

Mitre link : CVE-2022-26675

CVE.ORG link : CVE-2022-26675


JSON object : View

Products Affected

aenrich

  • a\+hrd
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')