CVE-2018-2380

CVSS v3: 6.6 (MEDIUM)
CVSS v2: 6.5 (MEDIUM)
Affected: 1 project

Description

SAP CRM versions 7.01, 7.02, 7.30, 7.31, 7.33 and 7.54 allow an attacker to exploit insufficient validation of path information provided by users, so characters representing "traverse to parent directory" are passed through to the file APIs.

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM
GitHub
52