CVE-2024-0416 | DeShang DSMall up to 6.1.0 MemberAuth.php file_name path traversal

Posted by Angelo Barbosa | Jan 11, 2024 | CVE

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 6.1.0. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: ‘../filedir’.

This vulnerability is handled as CVE-2024-0416. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-0416 | DeShang DSMall up to 6.1.0 MemberAuth.php file_name path traversal

Related Posts

CVE-2024-0993 | Tenda i6 1.0.0.9(3857) httpd /goform/WifiMacFilterGet formWifiMacFilterGet index stack-based overflow

CVE-2023-6409 | Schneider Electric EcoStruxure Control Expert Project File hard-coded credentials (SEVD-2024-044-01)

CVE-2024-39091 | MIPC Camera prior 5.4.1.240424171021 ccm_debug os command injection

CVE-2024-46733 | Linux Kernel up to 6.10.8 btrfs cow_file_range buffer overflow (e42ef22bc10f/30479f31d44d)