CVE-2024-5433 in CSI Web Server情報

要約

〜によって MITRE • 2024年05月28日

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

モデレーション

承諾済み

エントリ

VDB-266423

EPSS

0.00487

アクティビティ

非常低い

ソース

Might our Artificial Intelligence support you?

Check our Alexa App!