CVE-2020-14946 Information

Feb 14, 2021 cve

Description

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://packetstormsecurity.com/files/158420/BSA-Radar-1.6.7234.24750-Local-File-Inclusion.html https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-1494620-20Local20File20Inclusion.md

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3

Share on: