Vulnerability Details CVE-2021-34805
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.902
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
- http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
- https://sec-consult.com/vulnerability-lab/
- http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
- http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
- https://sec-consult.com/vulnerability-lab/
Products affected by CVE-2021-34805
-
cpe:2.3:a:land-software:faust_iserver:*