Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure

High

Synopsis

A vulnerable version of Ecava IntegraXor has been detected.

Description

Ecava IntegraXor versions < 4.1.4369 contain an information disclosure vulnerability. Project backup files can be accessed by bypassing file access restrictions with a specially crafted URL. Since credentials are stored in cleartext in certain project backup files, an attacker could use this information to possibly achieve remote code execution.

Solution

Upgrade to version 4.1.4369 or later.