CVE-2019-14914

CRITICAL

PRiSE adAS 1.7.0 - Path Traversal and Arbitrary File Read/Deletion via Metadata Deletion Method

Title source: llm
STIX 2.1

Description

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
http://www.adas-sso.com/es/extra/download.php

Scores

CVSS v3 9.1
EPSS 0.0202
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
prise/adas 1.7.0
Published Sep 20, 2019
Tracked Since Feb 18, 2026