Unauthenticated File Structure and Content Disclosure in Ahsay Cloud Backup Suite

Unauthenticated File Structure and Content Disclosure in Ahsay Cloud Backup Suite

CVE-2019-10266 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.

Learn more about our Cloud Audit.