Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
References
Configurations
History
05 Feb 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 |
Information
Published : 2023-04-19 15:15
Updated : 2025-02-05 16:15
NVD link : CVE-2023-29586
Mitre link : CVE-2023-29586
CVE.ORG link : CVE-2023-29586
JSON object : View
Products Affected
codesector
- teracopy
CWE