ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

Discussion in 'News Aggregator' started by Packet Storm, 24 Oct 2024.

  1. Packet Storm

    Packet Storm Guest

    ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

    Continue reading...
     
    #1 Packet Storm, 24 Oct 2024
(You must log in or sign up to post here.)

Share This Page

Loading...