CVE-2019-10257

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class
References
Link Resource
http://www.sk-it.com/en/cve.html Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zucchetti:hr_portal:*:*:*:*:*:*:*:*

Information

Published : 2019-06-19 07:15

Updated : 2019-06-20 09:53


NVD link : CVE-2019-10257

Mitre link : CVE-2019-10257


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

zucchetti

  • hr_portal