GTONE ChangeFlow Path Traversal Vulnerability Allowing Unrestricted File Upload

Vulnerability

A path traversal vulnerability has been identified in GTONE ChangeFlow, allowing unrestricted file uploads of dangerous types. This issue arises from improper limitations on file paths, enabling access to functionalities not adequately protected by access control lists (ACLs). The vulnerability affects ChangeFlow versions through 9.0.1.1.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing the execution of malicious files or causing other security issues depending on the uploaded content.

Added: Oct 2, 2025, 6:22 AM

Updated: Oct 2, 2025, 6:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GTONE ChangeFlow Path Traversal Vulnerability Allowing Unrestricted File Upload

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating