CVE-2024-2563

Path Traversal: '../filedir' (CWE-24)

Published: Mar 17, 2024 / Updated: 8mo ago

CVSS 5.4 / EPSS 0.05% / Medium

A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
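
The following is an added example, not PandaX code and not part of the original advisory: one way a Go delete handler can confine a client-supplied fileName to its upload directory before removing anything. The names safeJoin, deleteUpload, ErrOutsideBase and the uploads directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when fileName would resolve outside the upload directory.
var ErrOutsideBase = errors.New("file name resolves outside upload directory")

// safeJoin resolves a client-supplied fileName under baseDir and rejects any
// result that escapes it (hypothetical helper, not PandaX code). The check is
// lexical: symlinks that already exist inside baseDir are not resolved.
func safeJoin(baseDir, fileName string) (string, error) {
	if fileName == "" || filepath.IsAbs(fileName) {
		return "", ErrOutsideBase
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, fileName) // Join also cleans ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

// deleteUpload removes a file only if it stays inside baseDir.
func deleteUpload(baseDir, fileName string) error {
	target, err := safeJoin(baseDir, fileName)
	if err != nil {
		return err
	}
	return os.Remove(target)
}

func main() {
	// Constructed inputs; the second is the traversal string quoted in the advisory.
	for _, name := range []string{"avatar.png", "../../../../../../../../../tmp/1.txt"} {
		_, err := safeJoin("uploads", name)
		fmt.Printf("%-40q allowed=%v\n", name, err == nil)
	}
}
```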

Timeline

CVE Assignment
NVD published the first details for CVE-2024-2563
Mar 17, 2024 at 5:15 AM

First Article
Feedly found the first article mentioning CVE-2024-2563.
Mar 17, 2024 at 12:21 PM / National Vulnerability Database

EPSS
EPSS Score was set to: 0.05% (Percentile: 12.8%)
Mar 18, 2024 at 4:17 PM

News

Latest vulnerabilities [Monday, March 18, 2024 + weekend]
Last update performed on 03/18/2024 at 06:00:07 AM Vulnerability ID : CVE-2024-27957 First published on : 17-03-2024 17:15:06 Last modified on : 17-03-2024 22:38:29 Description : Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1. CVE ID : CVE-2024-27957 Source : audit@patchstack.com CVSS Score : 10.0 References :

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: Low
