CVE-2020-10579
HIGHInvigo Automatic Device Management < 5.0 - Path Traversal via /admin/sysmon.php
Title source: llmDescription
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf
Scores
CVSS v3
7.5
EPSS
0.0220
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
invigo/automatic_device_management
< 5.0
Published
Mar 25, 2021
Tracked Since
Feb 18, 2026