2 matches found
CVE-2020-35362
CVE-2020-35362 affects DEXT5Upload 2.7.1262310 and earlier. The issue is Directory Traversal in handler/dext5handler.jsp, allowing remote files to be downloaded via a dext5CMD=downloadRequest action when traversal is used in the fileVirtualPath parameter and the attacker provides the correct file...
CVE-2020-7875
CVE-2020-7875 affects DEXT5 Upload 5.0.0.117 and earlier. The vulnerability allows a remote attacker to download and execute a remote file by manipulating arguments/variables in the ActiveX module, enabling code execution. The provided documents confirm the affected product/version and the underl...