Directory Traversal Vulnerability in WADashboard API Allows Remote Code Execution

Directory Traversal Vulnerability in WADashboard API Allows Remote Code Execution

CVE-2018-15705 · HIGH Severity

AV:N/AC:L/AU:S/C:N/I:C/A:C

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

Learn more about our Web App Pen Testing.