Directory Traversal Vulnerability in mee-admin 1.5 Allows Arbitrary File Reading

Directory Traversal Vulnerability in mee-admin 1.5 Allows Arbitrary File Reading

CVE-2023-42280 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.

Learn more about our Web Application Penetration Testing UK.