CVE-2024-7458 | elunez eladmin up to 2.7 Database Management/Deployment Management /api/deploy/upload file path traversal (Issue 851)

Posted by Angelo Barbosa | Aug 4, 2024 | CVE

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: ‘dir/../../filename’.

The identification of this vulnerability is CVE-2024-7458. Access to the local network is required for this attack. Furthermore, there is an exploit available.

CVE-2024-7458 | elunez eladmin up to 2.7 Database Management/Deployment Management /api/deploy/upload file path traversal (Issue 851)

Related Posts

CVE-2023-51630 | Paessler PRTG Network Monitor cross site scripting

CVE-2022-40203 | AlgolPlus Advanced Dynamic Pricing for WooCommerce Plugin up to 4.1.5 on WordPress authorization

CVE-2024-0183 | RRJ Nueva Ecija Engineer Online Portal 1.0 NIA Office /admin/students.php cross site scripting

CVE-2023-6697 | WP Go Maps Plugin up to 9.0.28 on WordPress cross site scripting