1 results (0.001 seconds)
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13042 – Tsinghua Unigroup Electronic Archives Management System download.html download information disclosure
https://notcve.org/view.php?id=CVE-2024-13042
30 Dec 2024 — A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file SubjectController.class.php. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. • https://github.com/BxYQ/zg_fileread • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •