2 matches found
CVE-2019-19992
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...
CVE-2019-19992
The CVE refers to Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. The vulnerability arises from /common/vam_editXml.php not validating the file-name parameter, allowing an authenticated user to read arbitrary XML files from the server filesystem via the web interface. This is a ...