CVE-2024-50054

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-35
View all →

Vulnerability Description

The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.

Related Vulnerabilities

CVE-2020-26073

HIGH
CVSS:7.5(High)

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is du...

CWE-352020

CVE-2022-2265

HIGH
CVSS:7.5(High)

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.2...

CWE-352022

CVE-2022-3693

HIGH
CVSS:7.5(High)

Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3.

CWE-352022

CVE-2022-48476

HIGH
CVSS:7.5(High)

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

CWE-352022

CVE-2023-6252

HIGH
CVSS:7.5(High)

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensit...

CWE-352023

CVE-2024-36991

HIGH
CVSS:7.5(High)

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerabil...

CWE-352024