CVE-2021-41950
N/A
N/A
Summary
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php
- https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/
References
- http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php
- https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.