Path Traversal Vulnerability in XXL-CONF 1.6.0 Allows Unauthorized File Download

CVE-2018-20094 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue was discovered in XXL-CONF 1.6.0. A path traversal vulnerability via ../ in the keys parameter allows download of any configuration file. The issue is related to ConfController.java and PropUtil.java.
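One way to guard a key-to-file lookup against this class of bug, shown as an added example and not XXL-CONF's own code or its actual fix. The class name SafeKeyResolver, the key grammar and the "<key>.properties" file layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Added example: the class name, key grammar and "<key>.properties" layout are
// assumptions for illustration, not XXL-CONF's actual code.
public class SafeKeyResolver {
    // Allow-list: dot-separated segments of [A-Za-z0-9_-]. Every segment must be
    // non-empty, so "..", "/" and "\" can never match.
    private static final Pattern KEY = Pattern.compile("[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+)*");

    private final Path baseDir;

    public SafeKeyResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical form, symlinks resolved
    }

    public Path resolve(String key) throws IOException {
        if (key == null || !KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("invalid key");
        }
        // Second layer: the normalized path must still sit under the base directory.
        Path candidate = baseDir.resolve(key + ".properties").normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("key escapes base directory");
        }
        // Third layer: an existing file must not be a symlink pointing outside.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("file resolves outside base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("conf-demo");
        Files.writeString(base.resolve("default.key01.properties"), "default.key01=value\n");
        SafeKeyResolver resolver = new SafeKeyResolver(base);
        // Constructed sample keys: one valid, the rest malformed or traversal-style.
        String[] keys = {"default.key01", "../default.key01", "..", "a/b", "a\\b", ""};
        for (String k : keys) {
            try {
                System.out.println("accepted: " + k + " -> " + resolver.resolve(k).getFileName());
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println("rejected: \"" + k + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```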
