Vulnerability: BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of ”../..” using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials.

Impact

An attacker can gain unauthorized access to sensitive files on the server.

Severity

high

Verified

Unknown