mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
850 B
850 B
CVE-2021-38146
Description
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
POC
Reference
- http://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
- http://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
Github
No PoCs found on GitHub currently.