CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25068

Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. Furthermore, they indicated that they detected this problem in an internal audit more than 3 years ago and fixed it in 2017.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.143

EPSS Ranking 94.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://setelsa-security.es/productos/control-de-acceso/
https://github.com/bryanroma/CVE-2020-25068
https://www.youtube.com/watch?v=CLAHE0qUHXs
http://setelsa-security.es/productos/control-de-acceso/
https://github.com/bryanroma/CVE-2020-25068
https://www.youtube.com/watch?v=CLAHE0qUHXs

Products affected by CVE-2020-25068

Setelsa-Security » Conacwin » Version: 3.7.1.2

cpe:2.3:a:setelsa-security:conacwin:3.7.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25068

Products

Pricing

Contact Us