Description
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Problem types
CWE-36 Absolute Path Traversal
Product status
Any version
References
www.twcert.org.tw/tw/cp-132-10328-dbc35-1.html
www.twcert.org.tw/en/cp-139-10329-a1c5d-2.html