3 matches found
CVE-2020-13894
handler/uploadhandler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field...
CVE-2020-13894
handler/uploadhandler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field...
CVE-2020-13894
CVE-2020-13894 affects Raonwiz DEXT5 Editor before or up to version 3.5.1402961, where the file handler/upload_handler.jsp vulnerability allows an attacker to download arbitrary files via the savefilepath field. The connected sources confirm the vulnerable component and the arbitrary file downloa...