CVE-2024-5433 in CSI Web Serverinformação

Sumário

de MITRE • 28/05/2024

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Divulgação

28/05/2024

Moderação

aceite

Entrada

VDB-266423

CPE

pronto

EPSS

0.00487

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!