CVE-2024-54452
CVE-2024-54452
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.9EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a