CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20094

An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/xuxueli/xxl-conf/issues/61
https://github.com/xuxueli/xxl-conf/issues/61

Products affected by CVE-2018-20094

Xuxueli » Xxl-Conf » Version: 1.6.0

cpe:2.3:a:xuxueli:xxl-conf:1.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20094

Products

Pricing

Contact Us