CVE-2024-13042 | Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532) SubjectController.class.php download path information disclosure

Inserito da Angelo Barbosa | Dic 30, 2024 | CVE

A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file SubjectController.class.php. The manipulation of the argument path leads to information disclosure.

This vulnerability is traded as CVE-2024-13042. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-13042 | Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532) SubjectController.class.php download path information disclosure

Post correlati

CVE-2023-6440 | SourceCodester Book Borrower System 1.0 endpoint/add-book.php Book Title/Book Author cross site scripting

CVE-2024-9726 | Trimble SketchUp Viewer SKP File Parser stack-based overflow (ZDI-24-1475)

CVE-2024-46981 | Redis up to 6.2.16/7.2.6/7.4.1 Lua Script use after free (GHSA-39h2-x6c4-6w4c)

CVE-2024-49403 | Samsung Voice Recorder prior 21.5.40.37 access control