CVE-2019-16384
MEDIUMCybele Thinfinity VirtualUI <2.5.17.2 - Path Traversal
Title source: llmDescription
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://labs.nettitude.com/blog/cve-2019-16384-85-cyblesoft-thinfinity-virtualui-path-traversal-http-header-injection/
Scores
CVSS v3
6.5
EPSS
0.0109
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
cybelesoft/thinfinity_virtualui
< 2.5.17.2
Published
Jun 04, 2020
Tracked Since
Feb 18, 2026