Path Traversal Vulnerability in Sunnet eHRD Allows Unauthenticated Remote Attackers to Access Restricted Paths and Download System Files

CVE-2021-43358 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
