Disclosure Date 2020/11/16

CVE-2020-5671

Arbitrary File Read in KonaWiki3

KonaWiki3のパス・トラバーサル

Credit

stypr (@stereotype32)

Affected-Versions

  • KonaWiki3.1.1 and earlier

CWE

CWE-22

Description

Inadequate query checking allows unauthorized disclosure of information stored above the target directory published as a website by a remote attacker. By exploiting this vulnerability, arbitrary files can be obtained.

Back