VYPR

RefTree

by IdeaRE

CVEs (2)

  • CVE-2022-27249HigApr 3, 2022
    risk 0.58cvss 8.8epss 0.05

    An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.

  • CVE-2022-27248MedApr 3, 2022
    risk 0.42cvss 6.5epss 0.03

    A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path…