Vulnerability Details CVE-2022-38614
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.9%
CVSS Severity
CVSS v3 Score 7.5
References
- http://bpcbt.com
- http://smartvista.com
- https://tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/list-all-files-in-arbitrary-folder-in-smartvista-cardgen-version-3.28.0-cve-2022-38614
- http://bpcbt.com
- http://smartvista.com
- https://tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/list-all-files-in-arbitrary-folder-in-smartvista-cardgen-version-3.28.0-cve-2022-38614
Products affected by CVE-2022-38614
-
cpe:2.3:a:bpcbt:smartvista_cardgen:3.28.0