CVE-2024-1703

CVSS v3 Score: 5.3 (Medium)
CVSS v2 Score: 2.7 (Low)

Vulnerability Description

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: 5.3 (Medium)

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

CWE-36 2023

CVSS: 5.3 (Medium)

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files f...

CWE-36 2023

CVSS: 5.3 (Medium)

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTT...

CWE-36 2024

CVSS: 5.3 (Medium)

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

CWE-36 2024

CVSS: 5.5 (Medium)

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input v...

CWE-36 2021

CVSS: 5.0 (Medium)

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

CWE-36 2024