Design/Logic Flaw

2023-04-1915:15:00

PRIOn knowledge base

www.prio-n.com

access validation

teracopy 3.9.7

arbitrary file read

directory control

nvd

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control.

CPENameOperatorVersion
teracopyeq3.9.7

CPE	Name	Operator	Version
	teracopy	eq	3.9.7

References

packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html

securityandstuff.com/posts/teracopy_arbitrary_read/