OrangeScrum version 2.0.11 allows an authenticated external malicious user to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.
Vulnerable Product |
---|
orangescrum orangescrum 2.0.11 |
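
The flaw class described above, shown next to a hardened delete routine. This is an added example in PHP (the application's language), not OrangeScrum's code; the function names, directory layout and file names are hypothetical and the demo files are constructed in a temporary directory.

```php
<?php
// Added illustration; not OrangeScrum source. All names and paths are hypothetical.

// Pattern the advisory describes: a request value is joined straight into a path.
function delete_upload_unsafe(string $baseDir, string $name): bool
{
    $path = $baseDir . DIRECTORY_SEPARATOR . $name; // nothing keeps $path inside $baseDir
    return is_file($path) && unlink($path);
}

// Hardened form: accept only a bare file name, canonicalise, then check containment.
function delete_upload_safe(string $baseDir, string $name): bool
{
    $base = realpath($baseDir);
    if ($base === false) {
        return false; // base directory missing or unreadable
    }
    // Reject empty names, NUL bytes and anything carrying a directory component.
    if ($name === '' || strpos($name, "\0") !== false || basename($name) !== $name) {
        return false;
    }
    // realpath() resolves "." / ".." and symlinks; it returns false if the file is absent.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Compare against the base plus a trailing separator so a sibling directory
    // whose name merely starts with the base name is not accepted.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo: an upload directory plus one file that lives outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'delete_demo_' . bin2hex(random_bytes(4));
$uploads = $root . DIRECTORY_SEPARATOR . 'uploads';
mkdir($uploads, 0700, true);
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'report.txt', 'demo');
file_put_contents($root . DIRECTORY_SEPARATOR . 'settings.php', 'demo');

$escape = '..' . DIRECTORY_SEPARATOR . 'settings.php'; // name that points outside $uploads
var_dump(delete_upload_safe($uploads, $escape));        // request refused
var_dump(file_exists($root . DIRECTORY_SEPARATOR . 'settings.php')); // file outside is untouched
var_dump(delete_upload_safe($uploads, 'report.txt'));   // legitimate delete succeeds
```

Where the application can look files up by a database ID and derive the stored path server-side, that removes the user-supplied path component entirely and is preferable to validating it.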