CVE-2020-36364

Published: 2021-05-19T19:15Z

Last Modified: 2024-11-21T05:29Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt