Last active: July 25, 2023 09:25
Author: Christopher J. Barretto
Organization: GraVoc
CVE ID: CVE-2023-33524
Name of Product: Advent/SSC Inc. Tamale RMS
Affected Version: Tamale RMS - All versions under 23.1
Fixed Version: 23.1 and above
Description: If one traverses to the affected URL, one can enumerate Contact information on the host, which contains usernames, e-mail addresses, and other internal information stored within the web app.
Vulnerability Type: Directory Traversal
Root Cause: Unrestricted endpoint at:
/ts-admin/Contact
/ts-admin/Login
Impact: Access to data such as Contact Information and other information within the web application.
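
For triage on hosts that ran a version under 23.1, the following added example (not part of the original advisory and not vendor code) scans web access logs for successful requests to the two endpoints listed under Root Cause. It assumes Combined Log Format and case-insensitive, normalized path matching; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoints named in the advisory's Root Cause field (lowercased for matching).
ADVISORY_PATHS = ("/ts-admin/contact", "/ts-admin/login")

# Assumption: Combined Log Format; adapt the pattern to your server or proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query, decode %xx, collapse //, /./ and /../, and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def advisory_hits(lines):
    """Return {client_ip: [(timestamp, path, status, bytes), ...]} for 2xx hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = normalize(m["target"])
        on_endpoint = any(path == p or path.startswith(p + "/") for p in ADVISORY_PATHS)
        if on_endpoint and m["status"].startswith("2"):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], path, int(m["status"]), size))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2023:10:00:01 +0000] "GET /ts-admin/Contact HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jun/2023:10:00:05 +0000] "GET //ts-admin/%43ontact/?page=2 HTTP/1.1" 200 47903 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jun/2023:10:02:11 +0000] "GET /ts-admin/Contact HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2023:10:03:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rows in advisory_hits(SAMPLE).items():
        print(ip, len(rows), "successful requests,", sum(r[3] for r in rows), "bytes")
```

Clients with 2xx responses on these paths from outside the expected administrator population are the ones to review first; lowercasing the path deliberately over-matches rather than missing a variant.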