The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.
CPE | Name | Operator | Version |
---|---|---|---|
powershell_universal | ge | 3.5.0 | |
powershell_universal | lt | 3.5.3 | |
powershell_universal | ge | 3.0.0 | |
powershell_universal | lt | 3.4.7 |