CVE-2018-7807

CWE-22Path Traversal3 documents3 sources
Severity
8.8HIGH
EPSS
0.8%
top 26.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric Struxureware Data Center ExpertSchneider Electric SE Data Center Expert Versions 7.5.0 AND Earlier
Timeline
PublishedNov 30
Latest updateMay 14

Description

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java co

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5schneider_electric_se/data_center_expert_versions_7.5.0_and_earlierData Center Expert versions 7.5.0 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-295v-ccvg-8jrq: Data Center Expert, versions 72022-05-14
CVEList
CVE-2018-7807: Data Center Expert, versions 72018-11-30
CVE-2018-7807 (HIGH CVSS 8.8) | Data Center Expert | cvebase.io