erpscanteam/CVE-2018-2380

Releases0

Stars52

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-2380 ↗	Mar 1, 2018Thursday, 1 March 2018, 17:29	6.6 MEDIUM	6.5 MEDIUM
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.