CVEs-PoC/2020/CVE-2020-29026.md

### [CVE-2020-29026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29026)
![](https://img.shields.io/static/v1?label=Product&message=GateManager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=All%3C%209.2c%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.

### POC

#### Reference
- https://www.secomea.com/support/cybersecurity-advisory/#2918

#### Github
No PoCs found on GitHub currently.