CVE-2024-2564 | PandaXGO PandaX up to 20240310 /apps/system/api/user.go ExportUser filename path traversal

Inserito da Angelo Barbosa | Mar 16, 2024 | CVE

A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: ‘../filedir’.

The identification of this vulnerability is CVE-2024-2564. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-2564 | PandaXGO PandaX up to 20240310 /apps/system/api/user.go ExportUser filename path traversal

Post correlati

CVE-2023-41613 | EzViz Studio 2.2.0 uncontrolled search path (ID 175684)

CVE-2024-5193 | Ritlabs TinyWeb Server 1.94 Request crlf injection

CVE-2024-4641 | Moxa OnCell G3150A-LTE up to 1.7.7 format string

CVE-2023-51416 | EnvialoSimple EnvíaloSimple Plugin up to 2.3 on WordPress cross-site request forgery