Disclosure Date 2020/11/16

CVE-2020-5670

Path Traversal in KonaWiki3

KonaWiki3のパス・トラバーサル

Credit

stypr (@stereotype32)

Affected-Versions

  • KonaWiki3.1.1 and earlier

CWE

CWE-22

Description

Inadequate query checking allows unauthorized disclosure of information stored above the target directory published as a website by a remote attacker. The exploit of this vulnerability is limited to the files with specific extension only.

Back