vendor:
Gleamtech
by:
2012
it can be possible to bypass the security restrictions and upload an arbitrary file and execute that on the server."
CVSS
6,4
Directory Traversal
N/A
CWE
Product Name: Gleamtech
Affected Version From: YES
Affected Version To: 4.3
Patch Exists: Ensure that the application is not vulnerable to directory traversal attacks by validating user input.
Related CWE: Soroush Dalili
CPE: 4.6
Metasploit:
https://www.exploit-db.com/raw/22972
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: FileVista/FileUltimate
MEDIUM
GleamtechFileVista/FileUltimate 4.6 Directory Traversal can lead to file upload attack
It is possible to bypass directory traversal validation of FileVista/FileUltimate version 4.3 by using "..[SPACE]/" or "..[SPACE]". As a result
Mitigation:
22
