CVE-2024-10651

Absolute Path Traversal (CWE-36)

Published: Nov 1, 2024 / Updated: 18d ago

CVSS 4.9 / EPSS 0.05% / Medium

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-10651

Nov 1, 2024 at 10:15 AM

CVSS

A CVSS base score of 4.9 has been assigned.

Nov 1, 2024 at 10:20 AM / nvd

First Article

Feedly found the first article mentioning CVE-2024-10651.

Nov 1, 2024 at 10:21 AM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 1, 2024 at 10:21 AM

EPSS

EPSS Score was set to: 0.05% (Percentile: 19.2%)

Nov 2, 2024 at 10:03 AM

Attack Patterns

CAPEC-597: Absolute Path Traversal

News

US-CERT Vulnerability Summary for the Week of October 28, 2024
abdullahirfan — documentpress: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS. This issue affects DocumentPress: from n/a through 2.1. (2024-10-29, CVSS 6.1, CVE-2024-49656)
abdullahirfan — whitelist: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS. This issue affects Whitelist: from n/a through 3.5. (2024-10-29, CVSS 6.1, CVE-2024-49643)
AffiliateX — AffiliateX: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AffiliateX allows Stored XSS. This issue affects AffiliateX: from n/a through 1.2.9. (2024-10-29, CVSS 6.5, CVE-2024-49692)
Ahmed Kaludi, Mohammed Kaludi — AMP for WP: Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AMP for WP: from n/a through 1.0.96.1. (2024-11-01, CVSS 6.3, CVE-2024-43146)
Alex Volkov — WP Accessibility Helper (WAH): Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
CVE-2024-10651
Medium Severity Description IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. Read more at https://www.tenable.com/cve/CVE-2024-10651
Medium - CVE-2024-10651 - IDExpert from CHANGING Information Technology...
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this...
CVE-2024-10651 | Changing Information Technology IDExpert up to 2.8 Administrator Interface absolute path traversal
A vulnerability was found in Changing Information Technology IDExpert up to 2.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Administrator Interface. The manipulation leads to absolute path traversal. This vulnerability is known as CVE-2024-10651. The attack can be launched remotely. There is no exploit available.
cveNotify: 🚨 CVE-2024-10651 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. 🎖@cveNotify

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
