Arbitrary File Write Vulnerability in Packwood MPXJ before 8.3.5

Arbitrary File Write Vulnerability in Packwood MPXJ before 8.3.5

CVE-2020-35460 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

Learn more about our Web Application Penetration Testing UK.