How severe is CVE-2024-7551?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-7551?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-7551 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-10528

MEDIUM

CVSS:4.9(Medium)

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it t...

CWE-222016

CVE-2016-4004

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parame...

CWE-222016

CVE-2016-4314

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to ...

CWE-222016

CVE-2016-5092

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featur...

CWE-222016

CVE-2016-7135

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile act...

CWE-222016

CVE-2017-10841

MEDIUM

CVSS:4.9(Medium)

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

CWE-222017