2 matches found
CVE-2021-41242
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
CVE-2021-41242
OpenOlat (web-based LMS) has a path traversal vulnerability in REST methods that allow an attacker with a user account and enabled REST API to craft a filename containing a relative path, enabling write access to files anywhere under the web root or beyond depending on server configuration. Affec...