Main
Vulnerability Database
Exploits
ID:1257 - Exploit for Path traversal in Nuxeo Platform - CVE-2017-5869
ID:1257 - Exploit for Path traversal in Nuxeo Platform - CVE-2017-5869
Published: March 18, 2020
Vulnerability identifier: #VU7337
Vulnerability risk: High
CVE-ID: CVE-2017-5869
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Nuxeo Platform
Nuxeo Platform
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary code.
The weakness exists due to directory traversal in the file import feature. A remote attacker can submit a specially crafted JSP code and execute it on a targeted system.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to directory traversal in the file import feature. A remote attacker can submit a specially crafted JSP code and execute it on a targeted system.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.