CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A
| CVE | CVE-2023-25914 | |||||||||||
| Discovered by |
|
|||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| Page author | Max van der Horst | |||||||||||
| CVSS |
Base score:
9.9
(CRITICAL) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||||||||
| Last modified | 18 Aug 2023 17:09 |
Description
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
JSON version