How severe is CVE-2018-20250?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-20250?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2018-20250 - HIGH Severity | CVSS 7.8

Vulnerability Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Related Vulnerabilities

CVE-2021-1296

HIGH

CVSS:7.5(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct d...

CWE-362021

CVE-2021-1297

HIGH

CVSS:7.5(High)

CWE-362021

CVE-2023-2765

HIGH

CVSS:7.5(High)

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the...

CWE-362023

CVE-2023-4172

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\...

CWE-362023

CVE-2024-11978

HIGH

CVSS:7.5(High)

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

CWE-362024

CVE-2024-12643

HIGH

CVSS:8.1(High)

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to t...

CWE-362024