2 matches found
CVE-2017-5966
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...
CVE-2017-5966
CVE-2017-5966 affects Sitecore CRM 8.1 Rev 151207. The vulnerability is an absolute path traversal in sitecore/shell/download.aspx (parameter: file) that allows remote authenticated administrators to read arbitrary files. Root cause is improper validation of the file parameter in the download end...