CVE-2018-20094

An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.
References
Link Resource
https://github.com/xuxueli/xxl-conf/issues/61 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:xuxueli:xxl-conf:1.6.0:*:*:*:*:*:*:*

Information

Published : 2018-12-12 10:29

Updated : 2019-01-04 02:55


NVD link : CVE-2018-20094

Mitre link : CVE-2018-20094

Products Affected
CWE