PluginServlet.java in Ignite Realtime Openfire up to and including 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
igniterealtime openfire |