CVE-2022-24241

HIGH

ACEweb Online Portal 3.5.065 - Path Traversal

Title source: llm

Description

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

References (3)

[Product] http://aceware.com

[Product] http://aceweb.com

[Release Notes, Vendor Advisory] https://www.aceware.com/forum/viewtopic.php?f=7&t=481

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-610

Status published

Products (1)

aceware/aceweb_online_portal < 3.5.068

Published Jun 02, 2022

Tracked Since Feb 18, 2026