CVE-2024-8707 | 云课网络科技有限公司 Yunke Online School System up to 3.0.6 Appadmin.php downfile url path traversal

Inserito da Angelo Barbosa | Set 11, 2024 | CVE

A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal.

This vulnerability was named CVE-2024-8707. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-8707 | 云课网络科技有限公司 Yunke Online School System up to 3.0.6 Appadmin.php downfile url path traversal

Post correlati

CVE-2024-8102 | Ultimate Toolkit Plugin up to 3.0.8 on WordPress Options Update improper authorization

CVE-2023-52427 | OpenDDS up to 3.27 on DataWriter resource_limits.max_samples memory corruption (Issue 4388)

CVE-2024-32353 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer port command injection

CVE-2023-5806 | Mergen Quality Management System up to 1.1 sql injection