vendor:
Easy Chat Server
by:
z4nd3r
7.5
CVSS
HIGH
Directory Traversal and Arbitrary File Read
22
CWE
Product Name: Easy Chat Server
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE:
CPE: a:echatserver:easy_chat_server:3.1
Platforms Tested: Windows 10 Pro Build 19042
2021
Easy Chat Server 3.1 – Directory Traversal and Arbitrary File Read
The web server allows for directory traversal and reading of arbitrary files on the system, given that the account running the server can access the target file.
Mitigation:
Ensure that the account running the server does not have access to sensitive files.