A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file EasySpiderresourcesappserver.js of the component HTTP GET Request Handler. The manipulation with the input
/../../../../../../../../../Windows/win.ini
leads to path traversal: ‘../filedir’.
This vulnerability is known as CVE-2024-6746. The attack needs to be done within the local network. Furthermore, there is an exploit available.
The code maintainer explains, that this is not a big issue “because the default is that the software runs locally without going through the Internet”.
It is recommended to apply restrictive firewalling.