关键漏洞信息 Advisories: Easy Transfer 1.7 for iOS - Directory Traversal Severity: MEDIUM Date: 2/3/2026 Affecting: Easy Transfer <= 1.7 CVE ID: CVE-2020-37086 CVE Summary: Improper Limitation of a Pathname in a Restricted Directory ('Path Traversal') CVSS Score: 4.0 (AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) References: - ExploitDB-ID: ExploitDB-48395 - Vulnerability Lab Advisory: Vulnerability-Lab Advisory - Official App Store Product Page: Official App Store Product Page Credit: Vulnerability Laboratory, Benjamin Kunz Mejri Description: Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.