Directory traversal

2019-03-0705:29:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

eBrigade through 4.5 allows Arbitrary File Download via …/ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.

CPENameOperatorVersion
ebrigadele4.5

CPE	Name	Operator	Version
	ebrigade	le	4.5

References

pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html

sourceforge.net/p/ebrigade/code/5912/

www.exploit-db.com/exploits/46109