Display Painéis TGA Galeria rename path traversal

A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traversal. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

对路径名的限制不恰当(路径遍历)

Display Painéis TGA 路径遍历漏洞

Display Painéis TGA是巴西Display Painéis公司的一款排队系统。 Display Painéis TGA 7.1.41及之前版本存在路径遍历漏洞，该漏洞源于对文件/gallery/rename中参数current_folder的错误操作，可能导致路径遍历。

N/A

N/A