Directory Traversal Vulnerability in Ahsay Cloud Backup Suite

Directory Traversal Vulnerability in Ahsay Cloud Backup Suite

CVE-2019-10265 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.

Learn more about our Cis Benchmark Audit For Server Software.