CVE-2024-31551

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31551
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u
https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u
Configurations

No configuration.

History

21 Nov 2024, 09:13

Type Values Removed Values Added
References () https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u - () https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u -

01 Aug 2024, 13:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
Summary
  • (es) Vulnerabilidad de Directory Traversal en lib/admin/image.admin.php en cmseasy v7.7.7.9 20240105 permite a atacantes eliminar archivos arbitrarios mediante una solicitud GET manipulada.
CWE CWE-26

26 Apr 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-26 22:15

Updated : 2024-11-21 09:13

NVD link : CVE-2024-31551

Mitre link : CVE-2024-31551

CVE.ORG link : CVE-2024-31551

JSON object : View

Products Affected

No product.

CWE
CWE-26

Path Traversal: '/dir/../filename'


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024