CVE-2024-5548

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-22
View all →

Vulnerability Description

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and access files outside the intended directory. This could lead to unauthorized access to sensitive files on the server.

Related Vulnerabilities

CVE-2007-3967

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parame...

CWE-222007

CVE-2008-3939

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

CWE-222008

CVE-2010-0013

HIGH
CVSS:7.5(High)

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/...

CWE-222010

CVE-2010-10011

HIGH
CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the...

CWE-222010

CVE-2010-5334

HIGH
CVSS:7.5(High)

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain paramet...

CWE-222010