Disclosure Date 2020/11/16
CVE-2020-5670
Path Traversal in KonaWiki3
KonaWiki3 のパス・トラバーサル
Credit
stypr (@stereotype32)
Affected-Versions
KonaWiki: v3.1.1 and earlier
CWE
- CWE-22
Description
Inadequate query checking allows unauthorized disclosure of information stored above the target directory published as a website by a remote attacker. The exploit of this vulnerability is limited to the files with specific extension only.
