CVE-2024-11992
CVE-2024-11992
Título es
CVE-2024-11992
Vie, 29/11/2024 – 13:15
Tipo
CWE-22
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-11992
Descripción en
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.
29/11/2024
29/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
9.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-quickcms
Enviar en el boletín
Off
