CVE-2024-53586

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://packetstorm.news/files/id/189017

Configurations

No configuration.

History

11 Feb 2025, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.3~~	v2 : unknown v3 : 5.3

10 Feb 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
Summary		(es) Un problema en el parámetro relPath de la versión 2.31.0 de WebFileSys permite a los atacantes realizar un directory traversal a través de una solicitud HTTP manipulada. Al inyectar payloads de recorrido en el parámetro, los atacantes pueden manipular las rutas de archivo y obtener acceso no autorizado a archivos confidenciales, lo que podría exponer datos fuera del directorio previsto.
CWE		CWE-22

06 Feb 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-06 22:15

Updated : 2025-02-11 15:15

NVD link : CVE-2024-53586

Mitre link : CVE-2024-53586

CVE.ORG link : CVE-2024-53586

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.3 /10