N/A

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

N/A

N/A

TMS Management Console 安全漏洞

TMS Management Console是美国TMS公司的一个管理控制台软件。 TMS Management Console 6.3.7.27386.20250818版本存在安全漏洞，该漏洞源于profile dashboard中的Download Template功能未处理filePath参数中的目录遍历序列，可能导致经过身份验证的用户读取任意文件。

N/A

N/A