CVE-2024-2825 | lakernote EasyAdmin up to 20240315 saveReportFile file path traversal (I98ZTA)

Posted by Angelo Barbosa | Mar 22, 2024 | CVE

A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: ‘../filedir’.

This vulnerability is uniquely identified as CVE-2024-2825. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-2825 | lakernote EasyAdmin up to 20240315 saveReportFile file path traversal (I98ZTA)

Related Posts

CVE-2024-2486 | Tenda AC18 15.03.05.05 /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

CVE-2024-23655 | tutao tutanota prior 3.119.10 Email denial of service (GHSA-5h47-g927-629g)

CVE-2023-28149 | Insyde InsydeH2O IhisiServiceSmm Module Privilege Escalation

CVE-2023-22439 | Gallagher Controller 6000/Controller 7000 Web Interface denial of service