There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is…
krcert·CWE-548·Published 2021-04-22
There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.
There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.
Se presenta una vulnerabilidad de salto de directorio en la URL de la página de descarga de AquaNPlayer versión 2.0.0.92. La IP de la URL de la página de descarga es localhost y un atacante puede saltar directorios usando secuencias "dot dot" (../../) para visualizar el archivo de host en el sistema. Esta vulnerabilidad puede causar un filtrado de información
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 3.1 | Primary | NVD | 8.6 | 3.9 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 6.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 6.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 6.8 | 2.3 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |