CVE-2024-35778

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35778
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve Third Party Advisory
https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:slideshow_se_project:slideshow_se:*:*:*:*:*:wordpress:*:*
History

21 Nov 2024, 09:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 6.5
References () https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory () https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory

08 Jul 2024, 10:15

Type Values Removed Values Added
Summary (en) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17. (en) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17.

24 Jun 2024, 19:15

Type Values Removed Values Added
First Time Slideshow Se Project
Slideshow Se Project slideshow Se
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:slideshow_se_project:slideshow_se:*:*:*:*:*:wordpress:*:*
Summary
  • (es) La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en John West Slideshow SE permite la inclusión de archivos locales PHP. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17.
References () https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory

21 Jun 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-21 16:15

Updated : 2024-11-21 09:20

NVD link : CVE-2024-35778

Mitre link : CVE-2024-35778

CVE.ORG link : CVE-2024-35778

JSON object : View

Products Affected

slideshow_se_project

  • slideshow_se
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024