vendor: Acrolinx Dashboard
by: Berk Dusunur
CVSS: 8.8 (HIGH)
Directory Traversal
CWE: 22
Product Name: Acrolinx Dashboard
Affected Version From: Before 5.2.5
Affected Version To: 5.2.5
Patch Exists: YES
Related CVE: CVE-2018-7719
CPE: a:acrolinx:acrolinx_dashboard
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2017
Acrolinx Dashboard Directory Traversal
Acrolinx Dashboard runs on a Windows server. An attacker can exploit this vulnerability by sending a crafted request to the server. The request contains a directory traversal payload that allows the attacker to access the Windows win.ini file.
Mitigation:
Upgrade to Acrolinx Dashboard version 5.2.5 or later.