Security Advisory

CVE-2019-19992

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-26 15:09:02

Last updated 2024-08-05 02:32:10

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesnt check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem.

← Browse all CVEs View on cve.org ↗