CVE-2024-8409

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/peritocibernetico/ABCD_Vulnerabilities Not Applicable
https://vuldb.com/?ctiid.276489 Permissions Required
https://vuldb.com/?id.276489 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:abcd-community:abcd:2.2.0:alpha:*:*:*:*:*:*
cpe:2.3:a:abcd-community:abcd:2.2.0:beta0:*:*:*:*:*:*

History

05 Sep 2024, 14:20

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en ABCD ABCD2 hasta la versión 2.2.0-beta-1. Afecta a una parte desconocida del archivo /common/show_image.php. La manipulación del argumento image provoca un path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta revelación, pero no respondió de ninguna manera.
CWE CWE-22
References () https://github.com/peritocibernetico/ABCD_Vulnerabilities - () https://github.com/peritocibernetico/ABCD_Vulnerabilities - Not Applicable
References () https://vuldb.com/?ctiid.276489 - () https://vuldb.com/?ctiid.276489 - Permissions Required
References () https://vuldb.com/?id.276489 - () https://vuldb.com/?id.276489 - Third Party Advisory, VDB Entry
CVSS v2 : 4.0
v3 : 4.3
v2 : 4.0
v3 : 7.5
CPE cpe:2.3:a:abcd-community:abcd:2.2.0:beta0:*:*:*:*:*:*
cpe:2.3:a:abcd-community:abcd:2.2.0:alpha:*:*:*:*:*:*
First Time Abcd-community
Abcd-community abcd

04 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 15:15

Updated : 2024-09-05 14:20


NVD link : CVE-2024-8409

Mitre link : CVE-2024-8409

CVE.ORG link : CVE-2024-8409


JSON object : View

Products Affected

abcd-community

  • abcd
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'