CVE-2024-39937 | supOS 5.0 api/image/download fileName path traversal

Posted by Angelo Barbosa | Jul 5, 2024 | CVE

A vulnerability was found in supOS 5.0 and classified as critical. This issue affects some unknown processing of the file api/image/download. The manipulation of the argument fileName leads to path traversal: ‘../filedir’.

The identification of this vulnerability is CVE-2024-39937. The attack may be initiated remotely. There is no exploit available.

CVE-2024-39937 | supOS 5.0 api/image/download fileName path traversal

Related Posts

CVE-2024-42367 | aio-libs aiohttp up to 3.10.1 symlink (GHSA-jwhx-xcg6-8xhj)

CVE-2024-5656 | ptz0n Google CSE Plugin up to 1.0.7 on WordPress Setting cross site scripting

CVE-2021-47327 | Linux Kernel up to 5.4.133/5.10.51/5.12.18/5.13.3 arm_smmu_rpm_get memory leak

CVE-2024-1928 | SourceCodester Web-Based Student Clearance System 1.0 Edit User Profile Page /admin/edit-admin.php Fullname sql injection