One Article Review

Source CVE List
Identifier 8310860
Publication date 2023-02-16 14:15:15 (viewed: 2023-02-16 16:06:50)
Title CVE-2022-38731
Text Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication from the server to the attacker's machine.
Sent Yes

The article does not appear to have been picked up elsewhere after its publication.


The article does not appear to have been picked up from an earlier one.