CVE-2016-15038— NUUO NVRmini 2 deletefile.php path traversal

NUUO NVRmini 2 deletefile.php path traversal

A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

对路径名的限制不恰当(路径遍历)

NUUO NVRmini 路径遍历漏洞

NUUO NVRmini是NUUO公司的一款独立的基于 Linux 的 IP 摄像机监控解决方案。 NUUO NVRmini 2.x版本至3.0.8版本存在路径遍历漏洞，该漏洞源于对参数filename的错误操作会导致路径遍历。

N/A

N/A