WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00391
Percentile: 0.59338

CVSS Scoring

Affected Products

• cpe:2.3:a:qbik:wingate:5.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:qbik:wingate:5.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:qbik:wingate:6.0_beta_2:*:*:*:*:*:*:*

← Back to Home