CVE-2024-54663

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-829
View all →

Vulnerability Description

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths.

Related Vulnerabilities

CVE-2013-3321

HIGH
CVSS:7.5(High)

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.

CWE-8292013

CVE-2018-11040

HIGH
CVSS:7.5(High)

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through ...

CWE-8292018

CVE-2020-10865

HIGH
CVSS:7.5(High)

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components s...

CWE-8292020

CVE-2021-41569

HIGH
CVSS:7.5(High)

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1...

CWE-8292021

CVE-2022-23630

HIGH
CVSS:7.5(High)

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail t...

CWE-8292022

CVE-2022-34121

HIGH
CVSS:7.5(High)

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.

CWE-8292022