CWE-35
Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
CVE-2024-2654 (GCVE-0-2024-2654)
Vulnerability from cvelistv5 – Published: 2024-04-09 18:59 – Updated: 2026-04-08 17:23
Title
File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal
Summary
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.
Severity
6.8 (Medium)
CWE
- CWE-35 - Path Traversal: '.../...//'
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| mndpsingh287 | File Manager | Affected: 0, ≤ 7.2.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:02:21.174260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:02:57.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:48.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/file_folder_manager.php#L1353"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3062387/wp-file-manager/trunk?contextall=1\u0026old=3051451\u0026old_path=%2Fwp-file-manager%2Ftrunk"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdelnour Osman"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:23:19.350Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-file-manager/trunk/file_folder_manager.php#L1353"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3062387/wp-file-manager/trunk?contextall=1\u0026old=3051451\u0026old_path=%2Fwp-file-manager%2Ftrunk"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "File Manager \u003c= 7.2.5 - Authenticated (Administrator+) Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2654",
"datePublished": "2024-04-09T18:59:21.868Z",
"dateReserved": "2024-03-19T15:26:37.155Z",
"dateUpdated": "2026-04-08T17:23:19.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27901 (GCVE-0-2024-27901)
Vulnerability from cvelistv5 – Published: 2024-04-09 00:55 – Updated: 2024-09-06 18:01
Title
Directory Traversal vulnerability in SAP Asset Accounting
Summary
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by users and pass it through to the file APIs, causing a considerable impact on the confidentiality, integrity and availability of the application.
Severity
7.2 (High)
CWE
- CWE-35 - Path Traversal
References
2 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| SAP_SE | SAP Asset Accounting | Affected: SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_FIN617, SAP_FIN 618, SAP_FIN700 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3438234"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap:asset_accounting:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "asset_accounting",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "sap_appl600"
},
{
"status": "affected",
"version": "sap_appl602"
},
{
"status": "affected",
"version": "sap_appl603"
},
{
"status": "affected",
"version": "sap_appl604"
},
{
"status": "affected",
"version": "sap_appl605"
},
{
"status": "affected",
"version": "sap_appl606"
},
{
"status": "affected",
"version": "sap_fin617"
},
{
"status": "affected",
"version": "sap_fin618"
},
{
"status": "affected",
"version": "sap_fin700"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T16:26:56.367266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:01:25.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Asset Accounting",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "SAP_APPL 602"
},
{
"status": "affected",
"version": "SAP_APPL 603"
},
{
"status": "affected",
"version": "SAP_APPL 604"
},
{
"status": "affected",
"version": "SAP_APPL 605"
},
{
"status": "affected",
"version": "SAP_APPL 606"
},
{
"status": "affected",
"version": "SAP_FIN617"
},
{
"status": "affected",
"version": "SAP_FIN 618"
},
{
"status": "affected",
"version": "SAP_FIN700"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API\u0027s. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API\u0027s. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T00:55:03.642Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3438234"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory Traversal vulnerability in SAP Asset Accounting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-27901",
"datePublished": "2024-04-09T00:55:03.642Z",
"dateReserved": "2024-02-27T06:26:16.787Z",
"dateUpdated": "2024-09-06T18:01:25.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2863 (GCVE-0-2024-2863)
Vulnerability from cvelistv5 – Published: 2024-03-25 06:39 – Updated: 2024-08-01 19:25
Title
Path traversal via file upload on LG LED Assistant
Summary
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
Severity
5.3 (Medium)
CWE
- CWE-35 - Path Traversal: '.../...//'
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| LG Electronics | LG LED Assistant | Affected: 2.1.65 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:lg_led_assistant:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lg_led_assistant",
"vendor": "lg",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2863",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T17:43:44.115980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T17:52:34.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LG LED Assistant",
"vendor": "LG Electronics",
"versions": [
{
"status": "affected",
"version": "2.1.65"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant."
}
],
"value": "This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T08:41:29.086Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path traversal via file upload on LG LED Assistant",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-2863",
"datePublished": "2024-03-25T06:39:46.717Z",
"dateReserved": "2024-03-25T06:11:39.846Z",
"dateUpdated": "2024-08-01T19:25:42.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36991 (GCVE-0-2024-36991)
Vulnerability from cvelistv5 – Published: 2024-07-01 16:31 – Updated: 2025-02-28 11:03
Title
Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows
Summary
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Severity
7.5 (High)
CWE
- CWE-35 - The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Splunk | Splunk Enterprise | Affected: 9.2, < 9.2.2 (custom); Affected: 9.1, < 9.1.5 (custom); Affected: 9.0, < 9.0.10 (custom) |
Date Public
2024-07-01 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "affected",
"product": "splunk",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "affected",
"product": "splunk",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.1.5",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:splunk:splunk:9.2:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "splunk",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.2.2",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36991",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T20:11:28.292396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:33:58.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2024-0711"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.2.2",
"status": "affected",
"version": "9.2",
"versionType": "custom"
},
{
"lessThan": "9.1.5",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2024-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows."
}
],
"value": "In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \u0027.../...//\u0027 (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T11:03:48.685Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0711"
},
{
"url": "https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa"
}
],
"source": {
"advisory": "SVD-2024-0711"
},
"title": "Path Traversal on the \u201c/modules/messaging/\u201c endpoint in Splunk Enterprise on Windows"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2024-36991",
"datePublished": "2024-07-01T16:31:03.563Z",
"dateReserved": "2024-05-30T16:36:21.001Z",
"dateUpdated": "2025-02-28T11:03:48.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38706 (GCVE-0-2024-38706)
Vulnerability from cvelistv5 – Published: 2024-07-12 14:08 – Updated: 2026-04-28 16:10
Title
WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability
Summary
Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.5.7.
Severity
6.5 (Medium)
CWE
- CWE-35 - Path Traversal: '.../...//'
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Date Public
2026-04-01 16:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:49:44.452616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T20:28:14.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:19.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-5-7-json-path-traversal-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ht-mega-for-elementor",
"product": "HT Mega",
"vendor": "DevItems",
"versions": [
{
"changes": [
{
"at": "2.5.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:49.615Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in DevItems HT Mega ht-mega-for-elementor.\u003cp\u003eThis issue affects HT Mega: from n/a through \u003c= 2.5.7.\u003c/p\u003e"
}
],
"value": "Path Traversal: \u0027.../...//\u0027 vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through \u003c= 2.5.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:05.097Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ht-mega-for-elementor/vulnerability/wordpress-ht-mega-plugin-2-5-7-json-path-traversal-vulnerability?_s_id=cve"
}
],
"title": "WordPress HT Mega plugin \u003c= 2.5.7 - JSON Path Traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38706",
"datePublished": "2024-07-12T14:08:50.645Z",
"dateReserved": "2024-06-19T11:16:10.229Z",
"dateUpdated": "2026-04-28T16:10:05.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41972 (GCVE-0-2024-41972)
Vulnerability from cvelistv5 – Published: 2024-11-18 09:04 – Updated: 2025-08-27 21:33
Title
WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
Summary
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
Severity
6.5 (Medium)
CWE
- CWE-35 - Path Traversal: '.../...//'
References
1 reference
Impacted products
13 products
| Vendor | Product | Version |
|---|---|---|
| WAGO | CC100 0751-9x01 | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC100 G2 0750-811x-xxxx-xxxx | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC200 G2 750-821x-xxx-xxx | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-420x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-430x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-520x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-530x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-620x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-630x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | Edge Controller 0752-8303/8000-0002 | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC200 G2 0750-821x/xxx-xxx | Affected: 0.0.0, ≤ 04.04.03 (70) (semver) |
| WAGO | CC100 0751/9x01 | Affected: 0.0.0, ≤ 04.03.03 (72) (semver) |
| WAGO | CC100 0751/9x01 | Affected: 0.0.0, ≤ 04.04.03 (70) (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:53:48.536484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:33:03.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 0750-811x-xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 0750-821x/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.04.03 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751/9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.03.03 (72)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751/9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.04.03 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Giubertoni"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can\u0026nbsp;overwrite an arbitrary file on the filesystem which\u0026nbsp;may lead to an arbitrary file read with root privileges.\u003cbr\u003e"
}
],
"value": "A low privileged remote attacker can\u00a0overwrite an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file read with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T08:43:14.234Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-047"
}
],
"source": {
"advisory": "VDE-2024-047",
"defect": [
"CERT@VDE#641658"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41972",
"datePublished": "2024-11-18T09:04:56.284Z",
"dateReserved": "2024-07-25T09:07:31.466Z",
"dateUpdated": "2025-08-27T21:33:03.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41973 (GCVE-0-2024-41973)
Vulnerability from cvelistv5 – Published: 2024-11-18 09:05 – Updated: 2025-08-27 21:33
Title
WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices
Summary
A low privileged remote attacker can specify an arbitrary file on the filesystem, which may lead to arbitrary file writes with root privileges.
Severity
8.1 (High)
CWE
- CWE-35 - Path Traversal: '.../...//'
References
1 reference
Impacted products
13 products
| Vendor | Product | Version |
|---|---|---|
| WAGO | CC100 0751-9x01 | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC100 G2 0750-811x-xxxx-xxxx | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC200 G2 750-821x-xxx-xxx | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-420x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-430x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-520x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-530x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-620x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | TP600 0762-630x/8000-000x | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | Edge Controller 0752-8303/8000-0002 | Affected: 0.0.0, ≤ 4.5.10 (FW27) (semver) |
| WAGO | PFC200 G2 0750-821x/xxx-xxx | Affected: 0.0.0, ≤ 04.04.03 (70) (semver) |
| WAGO | CC100 0751/9x01 | Affected: 0.0.0, ≤ 04.03.03 (72) (semver) |
| WAGO | CC100 0751/9x01 | Affected: 0.0.0, ≤ 04.04.03 (70) (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:13:35.584257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:33:03.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC100 0751-9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC100 G2 0750-811x-xxxx-xxxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 750-821x-xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-420x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-430x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-520x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-530x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-620x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TP600 0762-630x/8000-000x",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge Controller 0752-8303/8000-0002",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "4.5.10 (FW27)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PFC200 G2 0750-821x/xxx-xxx",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.04.03 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751/9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.03.03 (72)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC100 0751/9x01",
"vendor": "WAGO",
"versions": [
{
"lessThanOrEqual": "04.04.03 (70)",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Giubertoni"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged remote attacker can\u0026nbsp;specify an arbitrary file on the filesystem which\u0026nbsp;may lead to an arbitrary file writes with root privileges.\u003cbr\u003e"
}
],
"value": "A low privileged remote attacker can\u00a0specify an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file writes with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T08:45:53.917Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-047"
}
],
"source": {
"advisory": "VDE-2024-047",
"defect": [
"CERT@VDE#641658"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41973",
"datePublished": "2024-11-18T09:05:15.892Z",
"dateReserved": "2024-07-25T09:07:31.466Z",
"dateUpdated": "2025-08-27T21:33:03.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45190 (GCVE-0-2024-45190)
Vulnerability from cvelistv5 – Published: 2024-08-23 19:16 – Updated: 2024-11-25 12:34
Title
Mage AI pipeline interaction request remote arbitrary file leak
Summary
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
Severity
6.5 (Medium)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mage:mage-ai:*:*:*:*:*:python:*:*"
],
"defaultStatus": "unknown",
"product": "mage-ai",
"vendor": "mage",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45190",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T19:34:47.192037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T19:39:16.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/pip",
"defaultStatus": "unaffected",
"packageName": "mage-ai",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Pipeline Interaction\" request\u003c/p\u003e"
}
],
"value": "Mage AI allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server due to a path traversal in the \"Pipeline Interaction\" request"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T12:34:23.043Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mage AI pipeline interaction request remote arbitrary file leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2024-45190",
"datePublished": "2024-08-23T19:16:17.818Z",
"dateReserved": "2024-08-22T07:56:35.556Z",
"dateUpdated": "2024-11-25T12:34:23.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45248 (GCVE-0-2024-45248)
Vulnerability from cvelistv5 – Published: 2024-10-06 12:20 – Updated: 2024-10-07 15:24
Title
Multi-DNC – CWE-35: Path Traversal: '.../...//'
Summary
Multi-DNC – CWE-35: Path Traversal: '.../...//'
Severity
7.5 (High)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
1 reference
Impacted products
Date Public
2024-10-06 11:46
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:multi-dnc:multi-dnc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "multi-dnc",
"vendor": "multi-dnc",
"versions": [
{
"lessThan": "12.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:08:23.248007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:24:27.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Multi-DNC",
"vendor": "Multi-DNC",
"versions": [
{
"lessThan": "Upgrade to version 12.6.8 or higher",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - SOPHTIX Security LTD"
}
],
"datePublic": "2024-10-06T11:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multi-DNC \u2013 CWE-35: Path Traversal: \u0027.../...//\u0027\u003cbr\u003e"
}
],
"value": "Multi-DNC \u2013 CWE-35: Path Traversal: \u0027.../...//\u0027"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-06T12:20:54.071Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 12.6.8 \u0026nbsp;or higher\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 12.6.8 \u00a0or higher"
}
],
"source": {
"advisory": "ILVN-2024-0200",
"discovery": "UNKNOWN"
},
"title": "Multi-DNC \u2013 CWE-35: Path Traversal: \u0027.../...//\u0027",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-45248",
"datePublished": "2024-10-06T12:20:54.071Z",
"dateReserved": "2024-08-25T06:16:04.248Z",
"dateUpdated": "2024-10-07T15:24:27.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47169 (GCVE-0-2024-47169)
Vulnerability from cvelistv5 – Published: 2024-09-26 17:11 – Updated: 2024-09-26 18:23
Title
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Summary
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability.
Severity
8.8 (High)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/agnaistic/agnai/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:agnai:agnai:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agnai",
"vendor": "agnai",
"versions": [
{
"lessThan": "1.0.330",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47169",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:33:28.285073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:23:22.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "agnai",
"vendor": "agnaistic",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.330"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:11:42.815Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83"
}
],
"source": {
"advisory": "GHSA-mpch-89gm-hm83",
"discovery": "UNKNOWN"
},
"title": "Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47169",
"datePublished": "2024-09-26T17:11:42.815Z",
"dateReserved": "2024-09-19T22:32:11.960Z",
"dateUpdated": "2024-09-26T18:23:22.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, the ".../...//" manipulation is useful for bypassing some path traversal protection schemes. If "../" sequences are removed from the ".../...//" string in a sequential fashion (as some regular expression engines and other algorithms operate) the string can collapse into the unsafe "../" value (CWE-182). Removing the first "../" yields "....//" and the second removal yields "../".
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
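The filter collapse described under MIT-5.1 and the decode-then-validate order from MIT-20, side by side. This is an added example, not code from any of the products listed on this page; `BASE_DIR`, the allowlist pattern, the function names and the sample file names are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

BASE_DIR = "/srv/app/backups"  # hypothetical restricted directory
# Allowlist per MIT-5.1: limited character set, exactly one ".", no separators,
# and only allowlisted extensions.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(zip|tar)")


def strip_once(name: str) -> str:
    """Denylist filter: one left-to-right pass that deletes every '../'."""
    return name.replace("../", "")


def is_inside(path: str) -> bool:
    """Lexical containment check against BASE_DIR (does not follow symlinks)."""
    return posixpath.commonpath([BASE_DIR, path]) == BASE_DIR


def weak_resolve(name: str) -> str:
    """Filter, then join. The filter's own output is never re-validated (CWE-182)."""
    return posixpath.normpath(posixpath.join(BASE_DIR, strip_once(name)))


def safe_resolve(name: str) -> str:
    """Decode exactly once, validate the decoded form, then confirm containment."""
    decoded = unquote(name)  # single decode before validation (CWE-180, CWE-174)
    # Anything that still needs decoding contains '%', which the allowlist rejects,
    # so no second decode ever happens after the check.
    if not ALLOWED_NAME.fullmatch(decoded):
        raise ValueError("file name does not match the allowlist")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    if not is_inside(candidate):  # defence in depth behind the allowlist
        raise ValueError("path escapes the restricted directory")
    return candidate
```

With the constructed input `.../...//logs/app.zip`, `strip_once` returns `../logs/app.zip` and `weak_resolve` lands in `/srv/app/logs`, while `safe_resolve` rejects the name before any path is built.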
No CAPEC attack patterns related to this CWE.