CVE-2024-12482 | cjbi wetech-cms 1.0/1.1/1.2 Database Backup BackupFileUtil.java backup name path traversal

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-masterwetech-basic-commonsrcmainjavatechwetechbasicutilBackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: ‘../filedir’.

This vulnerability is handled as CVE-2024-12482. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12482 | cjbi wetech-cms 1.0/1.1/1.2 Database Backup BackupFileUtil.java backup name path traversal

Post correlati

CVE-2024-3477 | Popup Box Plugin up to 2.2.6 on WordPress cross-site request forgery

CVE-2024-2072 | SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting

CVE-2024-10041 | Red Hat Enterprise Linux 7/8/9 PAM /etc/shadow information disclosure

CVE-2024-6834 | Open Mainframe Project Zowe up to 2.13.x APIML Spring Cloud Gateway certificate validation