| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
| CVE-2021-26293 | 5 Mar 202100:47 | – | circl | |
| AfterLogic Aurora 路径遍历漏洞 | 4 Mar 202100:00 | – | cnnvd | |
| CVE-2021-26293 | 4 Mar 202120:32 | – | cvelist | |
| CVE-2021-26293 | 4 Mar 202121:15 | – | nvd | |
| CVE-2021-26293 | 4 Mar 202121:15 | – | osv | |
| Directory traversal | 4 Mar 202121:15 | – | prion | |
| CVE-2021-26293 | 22 May 202520:40 | – | redhatcve | |
| AfterLogic 多个安全漏洞(CVE-2021-26292 CVE-2021-26293 CVE-2021-26294) | 29 Mar 202100:00 | – | seebug |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| path | path | dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 | Public full path disclosure via WebDAV endpoint when requesting a non-existent file/path | CWE-22 |
| filename | path | dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 | Public full path disclosure via WebDAV endpoint when requesting a non-existent file/path | CWE-22 |
| path | request body | dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php | Unrestricted upload of a file via WebDAV with path traversal to place a shell under the web root | CWE-22 |
| filename | request body | dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php | Unrestricted upload of a file via WebDAV with path traversal to place a shell under the web root | CWE-22 |
| upload data | request body | dav/server.php/files/persona/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e//%2e%2e/var/www/html/shell.php | Unrestricted upload of a file via WebDAV with path traversal to place a shell under the web root | CWE-22 |
| path | path | dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml | Public path traversal via WebDAV to read arbitrary files (information disclosure) | CWE-22 |
| filename | path | dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml | Public path traversal via WebDAV to read arbitrary files (information disclosure) | CWE-22 |
| path | path | dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 | Public full path disclosure via WebDAV endpoint when requesting a non-existent file/path (DELETE method) | CWE-22 |
| filename | path | dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 | Public full path disclosure via WebDAV endpoint when requesting a non-existent file/path (DELETE method) | CWE-22 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation