vendor:
SpinetiX Fusion Digital Signage
by:
LiquidWorm
N/A
CVSS
HIGH
Path Traversal
22
CWE
Product Name: SpinetiX Fusion Digital Signage
Affected Version From: <= 3.4.8
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Linux
2020
SpinetiX Fusion Digital Signage 3.4.8 – File Delete Path Traversal
The application suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
Mitigation:
Apply the vendor's patch or update to a version higher than 3.4.8