Description
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
References (4)
Core References
Release Notes, Third Party Advisory (x_refsource_misc): https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
Vendor Advisory (x_refsource_misc): https://energylogserver.pl/en/
Patch, Third Party Advisory (x_refsource_misc): https://github.com/emca-it/Energy-Log-Server-6.x/commits/master
Exploit, Third Party Advisory (x_refsource_misc): https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7
Scores
CVSS v3: 7.5
EPSS: 0.0245
EPSS Percentile: 82.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-22
Status: published
Products (1): emca/energy_logserver 6.1.2
Published: Aug 05, 2019
Tracked Since: Feb 18, 2026