5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability.
A remote attacker may obtain arbitrary files on the server.
Update the Software
Update to the latest version according to the information provided by the developer.
It was found that version 3.2 released on 2015/1/7 and version 3.2.1 released on 2015/1/19 did not resolve the vulnerability, therefore, the developer released version 3.2.2 on 2015/1/23.