CVE-2020-36364 Information
Jun 07, 2022
cve
Description
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Reference
https://github.com/smartstore/SmartStoreNET/issues/2112 https://github.com/smartstore/SmartStoreNET/commit/5ab1e37dc8d6415d04354e1a116f3d82e9555f5c
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.1
Share on: