CWE-22

SAP Business One version – 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.

NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.

NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.