CVE-2020-7521

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories.

Affected Software

VendorProductVersion RangeStatus
n/aSFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlierSFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlieraffected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References