2 matches found
CVE-2019-14251
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer to traverse the file system and access files or directories that are...
CVE-2019-14251
CVE-2019-14251 (TEMENOS TEMENOS Channels R15.01, T24 Web Server): A local file inclusion (LFI) vulnerability exists in the T24 TEMENOS Channels web interface. Unauthenticated attackers can abuse the downloadDocServer() function (via WealthT24/GetImage with docDownloadPath/uploadLocation) to trave...