CVE-2020-10506

Description

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

ALLE INFORMATION CO., LTD. / School Manage Systembefore 2020 – before 2020

References

MISChttps://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d
MISChttps://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html