CVE-2024-53586
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3Description
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
Analysis
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical Context
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory. Version information: version 2.31.0.
Affected Products
See vendor advisory for affected versions.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today