CVE-2022-31324

MEDIUM

Penta Security Systems Inc WAPPLES <6.0 r3 4.10-hotfix1 - File Down...

Title source: llm

Description

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

References (2)

[Vendor Advisory] https://www.pentasecurity.com/product/wapples/

[Various Sources] https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-494

Status published

Products (2)

pentasecurity/wapples v6.0.r3.4.10 (2 CPE variants)

pentasecurity/wapples 4.0.0 - 6.0.r3.4.10

Published Sep 13, 2022

Tracked Since Feb 18, 2026