ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure

Discussion in 'News Aggregator' started by Packet Storm, 8 Oct 2024.

  1. Packet Storm

    Packet Storm Guest

    ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

    Continue reading...
     
    #1 Packet Storm, 8 Oct 2024
(You must log in or sign up to post here.)

Share This Page

Loading...