CVE-2021-22857

Summary

The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.

Affected Software

VendorProductVersion RangeStatus
ChanGate EnterPrise Co., Ltdproperty management system0 <= 1.00affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References