Directory Traversal Vulnerability in FlightCrew v0.9.2 and Older

Directory Traversal Vulnerability in FlightCrew v0.9.2 and Older

CVE-2019-13241 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

Learn more about our Web Application Penetration Testing UK.