Path Traversal Vulnerability in SmartBPM.NET Component Allows Unauthorized Access to System Files

Path Traversal Vulnerability in SmartBPM.NET Component Allows Unauthorized Access to System Files

CVE-2023-37288 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.

Learn more about our Web Application Penetration Testing UK.