Insufficient Path Check in AccountsService Allows Directory Traversal

Insufficient Path Check in AccountsService Allows Directory Traversal

CVE-2018-14036 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Learn more about our User Device Pen Test.