CVE-2020-7858
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Summary
There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| cdnetworks | AquaNPlayer | 2.0.0.92 <= 2.0.0.92 | affected |
Weaknesses
- CWE-548: CWE-548 Information Exposure Through Directory Listing
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.