Lucene search

K

Idearespa Security Vulnerabilities

cve
cve

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx...

8.8CVSS

8.7AI Score

0.003EPSS

2022-04-03 11:15 PM
55
cve
cve

CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to...

6.5CVSS

6.2AI Score

0.002EPSS

2022-04-03 11:15 PM
56