A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.284525 | Permissions Required |
https://vuldb.com/?id.284525 | Third Party Advisory |
https://vuldb.com/?submit.437451 | Third Party Advisory |
Configurations
History
19 Nov 2024, 18:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:eyoucms:eyoucms:1.5.1:*:*:*:*:*:*:* | |
First Time |
Eyoucms
Eyoucms eyoucms |
|
References | () https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.284525 - Permissions Required | |
References | () https://vuldb.com/?id.284525 - Third Party Advisory | |
References | () https://vuldb.com/?submit.437451 - Third Party Advisory |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Nov 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-14 15:15
Updated : 2024-11-19 18:42
NVD link : CVE-2024-11210
Mitre link : CVE-2024-11210
CVE.ORG link : CVE-2024-11210
JSON object : View
Products Affected
eyoucms
- eyoucms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')