CVE-2024-11239 | Landray EKP up to 16.0 API Interface import.do?method=deleteFile folder path traversal

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal.

This vulnerability was named CVE-2024-11239. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11239 | Landray EKP up to 16.0 API Interface import.do?method=deleteFile folder path traversal

Related Posts

CVE-2024-2082 | EleForms Plugin up to 2.9.9.7 on WordPress cross site scripting

CVE-2024-37495 | Mediavine Create Plugin up to 1.9.7 on WordPress cross site scripting

CVE-2023-49172 | BrainCert Plugin up to 1.30 on WordPress cross site scripting

CVE-2024-33766 | lunasvg 2.3.9 blend_transformed_tiled_argb.isra.0 memory corruption