CVE-2020-7831

HIGH

Ebiz4u - Path Traversal

Title source: llm

Description

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

References (1)

[Third Party Advisory] https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559

Scores

CVSS v3 8.8

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

inogard/ebiz4u cviewer_object_1.0.5.1

Published Aug 24, 2020

Tracked Since Feb 18, 2026