An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.
Se detectó un problema de Salto de Ruta (Path) Absoluto en WebAccess Versión 8.1 y anteriores. Se ha identificado la vulnerabilidad de salto de ruta (path) absoluta, que puede permitir a un atacante atravesar el sistema de archivos para acceder a archivos o directorios restringidos.
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability.
The specific flaw exists within odbcPg4.asp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite key web files which will disable functionality on the target machine.