CVE-2020-5840

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
06/01/2020
Last modified:
14/01/2020

Description

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hashbrowncms:hashbrown_cms:*:*:*:*:*:*:*:* 1.3.2 (excluding)