Enhancement: cves/2015/CVE-2015-2996.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-22 13:56:39 -05:00
parent bc0844999b
commit 43d1f3979d
1 changed files with 1 additions and 1 deletions

View File

@ -5,7 +5,7 @@ info:
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: | description: |
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
reference: reference:
- https://seclists.org/fulldisclosure/2015/Jun/8 - https://seclists.org/fulldisclosure/2015/Jun/8
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk