cve/2018/CVE-2018-6660.md

### [CVE-2018-6660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6660)
![](https://img.shields.io/static/v1?label=Product&message=ePolicy%20Orchestrator%20(ePO)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.3.25.3.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal%20vulnerability&color=brighgreen)

### Description

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.

### POC

#### Reference
- https://kc.mcafee.com/corporate/index?page=content&id=SB10228

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-6660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6660)`
			`![](https://img.shields.io/static/v1?label=Product&message=ePolicy%20Orchestrator%20(ePO)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.3.25.3.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal%20vulnerability&color=brighgreen)`

			`### Description`

			`Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.`

			`### POC`

			`#### Reference`
			`- https://kc.mcafee.com/corporate/index?page=content&id=SB10228`

			`#### Github`
			`No PoCs found on GitHub currently.`