exploitDog

CVE-2024-22723

Опубликовано: 28 фев. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.

Ссылки

https://cupc4k3.medium.com/cve-2024-22723-webtrees-vulnerability-uncovering-sensitive-data-through-path-traversal-7442e7a38b68
Exploit
Third Party Advisory
https://cupc4k3.medium.com/cve-2024-22723-webtrees-vulnerability-uncovering-sensitive-data-through-path-traversal-7442e7a38b68
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webtrees:webtrees:2.1.18:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00215

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22

CWE-31

Связанные уязвимости

GHSA-6w5q-79rf-7c49

CVSS3: 4.9

github

почти 2 года назад

Webtrees Path Traversal vulnerability

EPSS

Процентиль: 44%

0.00215

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22

CWE-31