CVE-2020-7858 Information
Description
There is a directory traversal vulnerability in the download page URL of AquaNPlayer 2.0.0.92. The IP of the download page URL is localhost, and an attacker can traverse directories using "dot dot" sequences (../../) to view host files on the system. This vulnerability can cause information leakage.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Reference
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36014
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
8.6
Base Severity
HIGH