An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-13T13:56:20
Updated: 2021-07-13T13:56:20
Reserved: 2021-07-02T00:00:00
Link: CVE-2021-36123
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-13T14:15:08.907
Modified: 2021-07-15T14:04:20.047
Link: CVE-2021-36123
JSON object: View
Redhat Information
No data.
CWE