CVE-2024-0417

A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.
References
Link Resource
https://note.zhaoj.in/share/ZpRTCLblKd7N Exploit
https://vuldb.com/?ctiid.250437 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.250437 Permissions Required Third Party Advisory VDB Entry
https://note.zhaoj.in/share/ZpRTCLblKd7N Exploit
https://vuldb.com/?ctiid.250437 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.250437 Permissions Required Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:csdeshang:dsshop:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
References () https://note.zhaoj.in/share/ZpRTCLblKd7N - Exploit () https://note.zhaoj.in/share/ZpRTCLblKd7N - Exploit
References () https://vuldb.com/?ctiid.250437 - Permissions Required, Third Party Advisory, VDB Entry () https://vuldb.com/?ctiid.250437 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.250437 - Permissions Required, Third Party Advisory, VDB Entry () https://vuldb.com/?id.250437 - Permissions Required, Third Party Advisory, VDB Entry
CVSS v2 : 5.5
v3 : 9.8
v2 : 5.5
v3 : 5.4

18 Jan 2024, 20:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:csdeshang:dsshop:*:*:*:*:*:*:*:*
First Time Csdeshang
Csdeshang dsshop
References () https://vuldb.com/?id.250437 - () https://vuldb.com/?id.250437 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?ctiid.250437 - () https://vuldb.com/?ctiid.250437 - Permissions Required, Third Party Advisory, VDB Entry
References () https://note.zhaoj.in/share/ZpRTCLblKd7N - () https://note.zhaoj.in/share/ZpRTCLblKd7N - Exploit

11 Jan 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 18:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0417

Mitre link : CVE-2024-0417

CVE.ORG link : CVE-2024-0417


JSON object : View

Products Affected

csdeshang

  • dsshop
CWE
CWE-24

Path Traversal: '../filedir'