Path Traversal in Shenzhen Longjing Technology Co. Ltd. Bems Api
CVE-2021-4463
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft t…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.013 (68.0th percentile)
Affected products
- Shenzhen Longjing Technology Co. Ltd. Bems Api — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (vdb-entry)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)