admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-02 03:30:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-39802.md

25 lines
1.2 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-39802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39802)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Manufacturing%20Execution&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22&color=brighgreen)
### Description
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
### POC
#### Reference
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/redrays-io/CVE-2022-39802
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
Reference in New Issue Copy Permalink