MBLogic HMIServer Directory Traversal vulnerability
Brought to you by:
mgriffin7
Menu
▾
▴
#4 MBLogic HMIServer Directory Traversal vulnerability
The HMIServer component of MBLogic is vulnerable to directory traversal.
The 'GetWebPage()' function in the './hmiserver/MBWebPage.py' file does not properly sanitize the user-supplied file path used in a call to 'open()'
See the attached advisory for more information.
MBLogic HMIServer Directory Traversal vulnerability