Skip to main content

Reftree

2 CVEs product

Monthly

CVE-2022-27249 HIGH POC This Week

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Reftree
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2022-27248 MEDIUM This Month

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Reftree
NVD
CVSS 3.1
6.5
EPSS
2.8%
EPSS 5% CVSS 8.8
HIGH POC This Week

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Reftree
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Reftree
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy