Garrett: >> Ic Module Security Vulnerabilities
Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files.
CVSS Score
6.0
EPSS Score
0.008
Published
2021-12-22
Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability
CVSS Score
6.0
EPSS Score
0.005
Published
2021-12-22