CVE-2021-20876

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.

Related Vulnerabilities

CVE-2016-2933

MEDIUM
CVSS:6.8(Medium)

Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.

CWE-222016

CVE-2016-6614

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user ...

CWE-222016

CVE-2017-15527

MEDIUM
CVSS:6.8(Medium)

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sa...

CWE-222017

CVE-2018-9445

MEDIUM
CVSS:6.8(Medium)

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution ...

CWE-222018

CVE-2019-19848

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerab...

CWE-222019

CVE-2019-4674

MEDIUM
CVSS:6.8(Medium)

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to...

CWE-222019