CVE-2022-24241

High

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath…

mitre·CWE-610·Published 2022-05-27

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

160 chars

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

NVDen

160 chars

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

Se ha detectado que ACEweb Online Portal versión 3.5.065, contiene una vulnerabilidad de ruta y nombre de archivo externo controlado por medio del parámetro txtFilePath en el archivo attachments.awp

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N