External Control of File Name or Path in Canto Extension - #VU77340

 

Published: June 15, 2023


Vulnerability identifier: #VU77340
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-73
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Canto Extension
Software vendor: Canto

Description

The vulnerability allows a remote attacker to download arbitrary files.

The vulnerability exists because the application allows an attacker to control the path of the files to delete. A remote user can send a specially crafted HTTP request and download arbitrary files on the system, leading to arbitrary code execution.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
