DEXT5Upload 2.7.1262310 and previous versions is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dext5 dext5upload |