CVE-2019-14251

HIGH EXPLOITED NUCLEI

Temenos Channels R15.01 - Path Traversal

Title source: llm

Description

An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.

Nuclei Templates (1)

T24 Web Server - Local File Inclusion

HIGHby 0x_Akoko

References (1)

[Exploit, Third Party Advisory] https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.5661

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-01-14

CWE

CWE-22

Status published

Products (1)

temenos/t24 r15.01

Published Dec 09, 2019

Tracked Since Feb 18, 2026