Arbitrary File Listing and Download Vulnerability in SmartVista Cardgen v3.28.0

Arbitrary File Listing and Download Vulnerability in SmartVista Cardgen v3.28.0

CVE-2022-38614 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.

Learn more about our Web Application Penetration Testing UK.