VYPR

vuln-dext5upload

by Kbgsft

CVEs (1)

  • CVE-2020-35362HigDec 26, 2020
    risk 0.49cvss 7.5epss 0.02

    DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct…