3 matches found
CVE-2020-7522
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...
CVE-2020-7522
CVE-2020-7522 is a path traversal vulnerability in Schneider Electric APC Easy UPS On‑Line Software (SFAPV9601) before v2.1, affecting the SoundUploadServlet. The issue allows uploading executable files to non‑specified directories, potentially enabling remote code execution. Public references (Z...
Schneider Electric APC Easy UPS On-Line
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: APC Easy UPS On-Line Vulnerabilities: Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to remote code execution. 3...