CVE-2021-37469
MEDIUMNCH WebDictate < 2.13 - Authenticated Path Traversal via logprop Parameter
Title source: llmDescription
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_LFI.md
Product x_refsource_misc
https://www.nch.com.au/webdictate/index.html
Scores
CVSS v3
6.5
EPSS
0.0124
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
nch/webdictate
< 2.13
Published
Jul 25, 2021
Tracked Since
Feb 18, 2026