@barrett092
Last active July 25, 2023 09:25
Author: Christopher J. Barretto
Organization: GraVoc
CVE ID: CVE-2023-33524
Name of Product: Advent/SSC Inc. Tamale RMS
Affected Version: Tamale RMS - All versions under 23.1
Fixed Version: 23.1 and above
Description: If one traverses to the affected URL, one can enumerate Contact information on the host, which contains usernames, e-mail addresses, and other internal information stored within the web app.
Vulnerability Type: Directory Traversal
Root Cause: Unrestricted endpoint at:
/ts-admin/Contact
/ts-admin/Login
Impact: Access to data such as Contact Information and other information within the web application.
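Detection sketch for the two endpoints listed under Root Cause, added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for successful requests to those paths from clients outside an expected admin network. The "combined" log format, the admin network range, case-insensitive path matching, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoints listed under Root Cause, lowercased for comparison
# (assumption: match case-insensitively so variants are not missed).
SENSITIVE_PATHS = {"/ts-admin/contact", "/ts-admin/login"}
# Assumption: network from which administrative access is expected.
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: the front-end web server writes Apache/Nginx "combined" logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/").lower()

def is_admin_source(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or malformed field: treat as untrusted
        return False
    return any(addr in net for net in ADMIN_NETWORKS)

def find_exposures(lines):
    """Return (timestamp, ip, path, status) for 2xx responses on the
    advisory's endpoints served to clients outside ADMIN_NETWORKS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if (path in SENSITIVE_PATHS and m["status"].startswith("2")
                and not is_admin_source(m["ip"])):
            hits.append((m["ts"], m["ip"], path, int(m["status"])))
    return hits

# Constructed sample log lines, not taken from a real system.
SAMPLE = [
    '203.0.113.7 - - [12/Jun/2023:10:01:02 +0000] "GET /ts-admin/Contact HTTP/1.1" 200 5120 "-" "-"',
    '10.20.0.15 - - [12/Jun/2023:10:02:00 +0000] "GET /ts-admin/Login HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.9 - - [12/Jun/2023:10:03:10 +0000] "GET /ts-admin/Contact/?page=2 HTTP/1.1" 200 4800 "-" "-"',
    '198.51.100.9 - - [12/Jun/2023:10:03:11 +0000] "GET /ts-admin/Contact HTTP/1.1" 403 120 "-" "-"',
]
if __name__ == "__main__":
    for hit in find_exposures(SAMPLE):
        print(hit)
```

A 2xx hit from an untrusted source on a version under 23.1 indicates the endpoint answered without restriction; the fix stated above is upgrading to 23.1 or later.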