Unauthenticated File Download Vulnerability in Aseco Lietuva DVS Avilys

CVE-2022-27192 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.

Learn more about our Web Application Penetration Testing UK.