Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Omnidirectional_communication_system | Junhetec | 2007.2103 (including) | 2007.2103 (including) |