Enterprise Cloud Database
CVE-2024-9983
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
AnalysisAI
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-23. Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Affected products include: Ragic Enterprise Cloud Database.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Enterprise Cloud Database
View allEnterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated re
Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation,
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium
Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript i
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today