CNNVD-202602-227 Information
CNNVD ID
CNNVD-202602-227
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Rubikon Easy Transfer是Rubikon公司的一个文件传输应用。 Rubikon Easy Transfer 1.7版本存在路径遍历漏洞,该漏洞源于目录遍历漏洞,攻击者可通过操纵GET和POST请求中的路径参数来访问未经授权的文件系统路径,可能导致敏感系统文件被列出或下载,以及恶意脚本被注入到应用参数中。
Description (English)
Rubikon EASY Transfer is a file transfer application for Rubikon. Rubikon EASY TRANSfer 1.7 has a loophole in its path, which originates from a loophole in the directory where the assailant can access unauthorized file system paths by manipulating the path parameters in the GET and POST requests, which may lead to the listing or downloading of sensitive system files and the injection of malicious scripts into application parameters.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Rubikon
Published
2026-02-03
Last Modified
2026-02-24
References
https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 https://www.exploit-db.com/exploits/48395 https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal https://www.vulnerability-lab.com/get_content.php?id=2223
Share on: