Vulnerability Details CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.355
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
Products affected by CVE-2019-10266
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.4
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.6
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.8
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.41
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.38
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.55
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.30
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.50
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.24
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.50