Directory Traversal Vulnerability in NCH IVM Attendant v5.12 and Earlier

CVE-2021-37444 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness when plugins are uploaded in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt Autodial function.
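The check a ZIP extractor needs in order to avoid this class of weakness, as an added example (not NCH's code and not part of the original advisory): every entry name is resolved under Windows path rules and refused unless it lands strictly inside the plugin directory. The directory `C:\Example\Plugins`, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import ntpath  # Windows path rules, usable on any OS
import zipfile

DEST = r"C:\Example\Plugins"  # assumed plugin directory (placeholder)


def is_safe_member(name: str, dest: str = DEST) -> bool:
    """True if a ZIP entry name resolves strictly inside dest on Windows."""
    # ZIP names use '/', but Windows also accepts '\\' as a separator.
    candidate = name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(candidate)
    if drive or candidate.startswith("\\"):
        return False  # drive-qualified, rooted or UNC path
    root = ntpath.normcase(ntpath.normpath(dest))
    # normpath collapses '..' segments so the final location can be compared.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, candidate)))
    return target.startswith(root + "\\")


def rejected_entries(zip_bytes: bytes, dest: str = DEST) -> list[str]:
    """Return the entry names an extractor should refuse to write."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not is_safe_member(i.filename, dest)]


def build_sample() -> bytes:
    """Constructed test archive: one normal entry, three escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("plugin/menu.txt", "../../outside.txt",
                     "plugin/../../outside.txt", "C:/Temp/outside.txt"):
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in rejected_entries(build_sample()):
        print("refuse:", entry)
```

The comparison uses `root + "\\"` rather than a bare prefix match so that a sibling directory such as `C:\Example\Plugins_old` is not mistaken for the plugin directory.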
