← volver
CVE-2024-11992

Path traversal vulnerability in Quick.CMS

CVSS 9.1 CRITICALEPSS 0.8%CWE-22
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 nov 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
Quick.CMS · Quick.CMS