Lucene search
Veracode Vulnerability DatabaseVERACODE:21622HistoryOct 03, 2019 - 6:36 a.m.
Directory Traversal
2019-10-0306:36:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.003 Low
EPSS
Percentile
70.7%
Butor Portal is vulnerable to path traversal. Lack of validation on user provided path via the theme t parameter allows an attacker to to inject malicious substring /wl?t=../../...&h;= followed by a filename to get access to the file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| butor portal webapp | le | 1.0.13 |
References
bitbucket.org/account/user/butor-team/projects/PROJ
bitbucket.org/butor-team/portal/commits/all
bitbucket.org/butor-team/portal/commits/cd7055d33e194fcf530100ee1d8d13aa9cde230b
bitbucket.org/butor-team/portal/src/cd7055d33e194fcf530100ee1d8d13aa9cde230b/src/main/java/com/butor/portal/web/servlet/WhiteLabelingServlet.java?at=master
www.gosecure.net/blog/2019/09/30/butor-portal-arbitrary-file-download-vulnerability-cve-2019-13343
Related
prion
prion
Path traversal
2019-10-02 16:15:00
nvd
nvd
CVE-2019-13343
2019-10-02 16:15:14
cve
cve
CVE-2019-13343
2019-10-02 16:15:14
cvelist
cvelist
CVE-2019-13343
2019-10-02 15:49:29