CVE-2020-14946
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 7.7%
from disclosure to weapon22 days
Published on NVDJun 22
1st PoC+22d
exploitation probability
7.7%top 6% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/158420/BSA-Radar-1.6.7234.24750-Local-File-Inclusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48666unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.