A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: ‘../filedir’.

This vulnerability is known as CVE-2024-6746. The attack needs to be done within the local network. Furthermore, there is an exploit available.

The code maintainer explains that this is not a big issue “because the default is that the software runs locally without going through the Internet”.

It is recommended to apply restrictive firewalling.
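
The containment check that a file-serving GET handler needs against this class of input, as an added example (not EasySpider's code): a generic unsafe join beside a hardened resolver, run against the request path quoted above. The document root `C:\app\public` and the function names `naiveResolve` and `resolveInside` are assumptions made for the demo; `path.win32` is used so the Windows path rules apply on any host.

```javascript
const path = require("path");

// Windows path rules on any host OS, since the advisory concerns Windows.
const win = path.win32;

// Constructed document root for the demo (not EasySpider's real layout).
const ROOT = "C:\\app\\public";

// Generic unsafe pattern (hypothetical): join the request path and trust it.
function naiveResolve(root, urlPath) {
  return win.join(root, decodeURIComponent(urlPath));
}

// Hardened (hypothetical helper): decode, resolve, then verify the result
// is still under root. Returns the absolute path, or null to refuse.
function resolveInside(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split("?")[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL byte in a file name

  const base = win.resolve(root);
  // The leading "." forces "/..." to be treated as relative to base.
  const target = win.resolve(base, "." + win.sep + decoded);
  const rel = win.relative(base, target);

  // Escapes if it climbs above base or lands on another drive.
  const escapes =
    rel === ".." || rel.startsWith(".." + win.sep) || win.isAbsolute(rel);
  return escapes ? null : target;
}

// Request path quoted in the advisory.
const probe = "/../../../../../../../../../Windows/win.ini";
console.log("naive   :", naiveResolve(ROOT, probe));
console.log("hardened:", resolveInside(ROOT, probe));
console.log("normal  :", resolveInside(ROOT, "/index.html"));
```

A handler would answer a `null` result with 403 or 404 and pass only a non-null result to the file read.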