CVE-2024-9405

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-23
View all →

Vulnerability Description

An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.

Related Vulnerabilities

CVE-2018-18990

MEDIUM
CVSS:5.3(Medium)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information u...

CWE-232018

CVE-2019-13944

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All vers...

CWE-232019

CVE-2021-29488

MEDIUM
CVSS:5.3(Medium)

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Downloa...

CWE-232021

CVE-2021-32964

MEDIUM
CVSS:5.3(Medium)

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.

CWE-232021

CVE-2022-42892

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that coul...

CWE-232022

CVE-2024-24938

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CWE-232024