Description

A Path Traversal vulnerability in LetsEncryptController in GrandNode allows an unauthenticated attacker to retrieve arbitrary files on the web server.

Remediation

Upgrade to the latest version of Grandnode

References

Grandnode Path Traversal

Related Vulnerabilities

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.10)

WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2217)

Severity

High

Classification

CVE-2019-12276 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal