mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-13 10:04:45 +02:00
0xMarcio
1.3 KiB
1.3 KiB
CVE-2018-2380
Description
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
POC
Reference
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- https://github.com/erpscanteam/CVE-2018-2380
- https://github.com/erpscanteam/CVE-2018-2380
- https://www.exploit-db.com/exploits/44292/
- https://www.exploit-db.com/exploits/44292/
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/erpscanteam/CVE-2018-2380
- https://github.com/hectorgie/PoC-in-GitHub