← Zuruck zu CVEs
CVE-2024-39171
CRITICAL9.8
Beschreibung
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/9/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
phpvibe:phpvibe
Schwachen (CWE)
CWE-22CWE-35
Referenzen
http://phpvibe.com(cve@mitre.org)
http://phpvibe.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.