CVE-2024-27954

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-22
View all →

Vulnerability Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.

Related Vulnerabilities

CVE-2020-15229

CRITICAL
CVSS:9.3(Critical)

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, ...

CWE-222020

CVE-2022-31501

CRITICAL
CVSS:9.3(Critical)

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31502

CRITICAL
CVSS:9.3(Critical)

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31503

CRITICAL
CVSS:9.3(Critical)

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31504

CRITICAL
CVSS:9.3(Critical)

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31505

CRITICAL
CVSS:9.3(Critical)

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022