albadotpy/ovidentia-information-disclosure-on-upload-directory-content
Releases0
Incorrect Access Control in FileManager in Ovidentia CMS 6.0 allows remote unauthenticated users to view and download content (information disclosure) in the upload directory via path traversal.
Tested on version 6.0, this version is vulnerable.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 7.5 HIGH | 5 MEDIUM | ||
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. | |||