exploitDog

CVE-2024-6707

Опубликовано: 07 авг. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 7.5

EPSS Низкий

Описание

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

Ссылки

https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Aug/4
http://www.openwall.com/lists/oss-security/2024/08/08/7

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00203

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-67jr-crfx-vm73

CVSS3: 7.5

github

больше 1 года назад

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

EPSS

Процентиль: 42%

0.00203

Низкий

8.8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22