CVE-2019-14521
N/A
N/A
Summary
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
- https://energylogserver.pl/en/
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/master
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7
References
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
- https://energylogserver.pl/en/
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/master
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.