Ghlab : Security Vulnerabilities, CVEs, CVSS score >= 3
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
Max CVSS
5.0
EPSS Score
1.03%
Published
2007-10-30
Updated
2018-10-15
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html.
Max CVSS
6.8
EPSS Score
0.68%
Published
2007-10-30
Updated
2018-10-15
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
Max CVSS
7.5
EPSS Score
0.71%
Published
2007-10-30
Updated
2018-10-15
3 vulnerabilities found