System Dashboard
CVE-2024-10708
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (wpscan) · only source for this CVE.
CVSS VectorVendor: wpscan
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
AnalysisAI
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server Affected products include: Bowo System Dashboard. Version information: before 2.8.15.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in System Dashboard
View allThe System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today