Directory Traversal Vulnerability in Zucchetti HR Portal Allows Unauthorized Access to System Files

CVE-2019-10257 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can use dot-dot-slash notation to escape the restricted location and access files or directories elsewhere on the system. Through this vulnerability it is possible to read the application's Java sources from /WEB-INF/classes/*.class.
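The usual server-side mitigation for this class of bug is to canonicalize the requested path and confirm it still sits under the intended base directory before opening it. The following is an added illustration, not code from Zucchetti HR Portal or from the advisory; the class name, the `resolveUnder` helper and the `docs` directory layout are hypothetical, and the input is assumed to be already URL-decoded by the container.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeResolve {
    // Hypothetical helper: resolve a user-supplied name under baseDir, or throw if it escapes.
    static Path resolveUnder(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = baseDir.toRealPath();                      // canonical base, symlinks resolved
        Path candidate = base.resolve(requested).normalize();  // collapses "." and ".." segments
        // resolve() returns the argument itself when it is absolute, so this
        // element-wise prefix check also rejects absolute paths outside base.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        // If the target exists, re-check after following symlinks.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/docs/payslip.pdf and <tmp>/WEB-INF/classes/App.class
        Path app = Files.createTempDirectory("app");
        Path docs = Files.createDirectories(app.resolve("docs"));
        Files.createDirectories(app.resolve("WEB-INF/classes"));
        Files.write(app.resolve("WEB-INF/classes/App.class"), new byte[] {0});
        Files.write(docs.resolve("payslip.pdf"), new byte[] {0});

        // Constructed inputs: one legitimate name, two dot-dot-slash escapes.
        String[] inputs = {
            "payslip.pdf",
            "../WEB-INF/classes/App.class",
            "sub/../../WEB-INF/classes/App.class"
        };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + in + " -> " + resolveUnder(docs, in));
            } catch (SecurityException e) {
                System.out.println("DENY  " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

`Path.startsWith` compares whole path elements, so a sibling directory such as `docs-old` does not pass as being under `docs` the way a plain string-prefix check would allow.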
