nagenanhai

2 exploits Active since Aug 2023
CVE-2023-4171 WRITEUP MEDIUM WRITEUP
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Path Traversal via Files Parameter in FileDownload.ashx
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-4172 WRITEUP MEDIUM WRITEUP
Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 - Path Traversal via FileDirectory Parameter
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.
CVSS 4.3