CVE-2019-14521

HIGH

EMCA Energy Logserver 6.1.2 - Path Traversal

Title source: llm

Description

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.

References (4)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
Vendor Advisory x_refsource_misc
https://energylogserver.pl/en/
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7

Scores

CVSS v3 7.5
EPSS 0.0245
EPSS Percentile 82.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-22
Status published
Products (1)
emca/energy_logserver 6.1.2
Published Aug 05, 2019
Tracked Since Feb 18, 2026