Disclosure Date 2020/11/16
CVE-2020-5671
Arbitrary File Read in KonaWiki3
KonaWiki3 におけるパス・トラバーサル
Credit
stypr (@stereotype32)
Affected-Versions
KonaWiki: v3.1.1 and earlier
CWE
- CWE-22
Description
Inadequate query checking allows unauthorized disclosure of information stored above the target directory published as a website by a remote attacker. By exploiting this vulnerability, arbitrary files can be obtained.