CVE-2024-11238 | Landray EKP up to 16.0 sysUiComponent.do?method=delPreviewFile directoryPath path traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-11238. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11238 | Landray EKP up to 16.0 sysUiComponent.do?method=delPreviewFile directoryPath path traversal

Post correlati

CVE-2023-52881 | Linux Kernel up to 6.6.6 TCP ACK unknown vulnerability

CVE-2024-1633 | Renesas rcar_gen3 2.5 Image bl2_mem_params_descs integer overflow

CVE-2024-3528 | Campcodes Complete Online Student Management System 1.0 units_view.php FirstRecord cross site scripting

CVE-2024-1458 | Livemesh Elementor Addons Plugin up to 8.3.4 on WordPress Animated Text Widget cross site scripting