2024-11-19
Platform: EyouCMS
Version: 1.51
Vulnerability: Path Traversal
Severity: Medium
Date: November 14, 2024 (Published), November 19, 2024 (Last Modified)
A path traversal vulnerability (CVE-2024-11210) exists in EyouCMS version 1.51. It affects the editFile function in application/admin/logic/FilemanagerLogic.php. An attacker can exploit it by manipulating the “activepath” argument, which allows unauthorized access to the system’s files. The exploit code is publicly available, and the vendor has not responded to attempts at disclosure.
What Undercode Says:
This vulnerability poses a serious threat to EyouCMS users. Attackers can potentially gain access to sensitive information or even take control of the entire system. We strongly recommend that EyouCMS users upgrade to a patched version as soon as possible. If an update is not immediately available, consider implementing additional security measures to mitigate the risk.
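While no vendor fix is available, web server logs can be reviewed for requests whose "activepath" argument climbs out of its directory. The following is an added example, not code from EyouCMS or from the original advisory; it assumes combined-format access logs in which the parameter appears in the query string, and the script name in the sample lines is a placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) so nested encodings are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    segments = re.split(r"[\\/]+", fully_decode(value))
    return ".." in segments

def suspicious_activepath(log_lines):
    """Return (line_number, decoded activepath) for requests that climb directories."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # keep_blank_values so an empty activepath is parsed rather than dropped
        for value in parse_qs(query, keep_blank_values=True).get("activepath", []):
            if has_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample lines; ADMIN_ENTRY.php is a placeholder, not EyouCMS's real path.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Nov/2024:10:00:01 +0000] "GET /ADMIN_ENTRY.php?activepath=/template/pc HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Nov/2024:10:00:07 +0000] "GET /ADMIN_ENTRY.php?activepath=/template/../../PLACEHOLDER HTTP/1.1" 200 734',
    '203.0.113.9 - - [19/Nov/2024:10:00:09 +0000] "POST /ADMIN_ENTRY.php?activepath=%252e%252e%255cPLACEHOLDER HTTP/1.1" 200 734',
    '203.0.113.7 - - [19/Nov/2024:10:00:12 +0000] "GET /index.php?q=a..b HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, value in suspicious_activepath(SAMPLE_LOG):
        print(f"line {number}: activepath={value!r}")
```

Parameters sent in a POST body do not appear in standard access logs, so this check needs a WAF or application-level log to cover those requests.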
Additional Notes:
The severity of this vulnerability is rated as “MEDIUM” according to CVSS v4.0.
Public exploit code exists for this vulnerability.
The EyouCMS vendor has not responded to attempts at disclosure.
It is important to note that this information is for educational purposes only. Please consult with a security professional for advice on securing your specific system.
References:
Reported By: Nvd.nist.gov