File Download Vulnerability in Mycodo Versions Prior to 8.12.7

File Download Vulnerability in Mycodo Versions Prior to 8.12.7

CVE-2021-41185 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.

Learn more about our User Device Pen Test.