- Description
- Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.
- Source
- cve-coordination@incibe.es
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- cve-coordination@incibe.es
- CWE-22
- Hype score
- Not currently trending
CVE-2024-11992 (CVSS:9.1, CRITICAL) is Awaiting Analysis. Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to b..https://t.co/GNZyUlt1QZ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11992 Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download a… https://t.co/ypRbpi71iq
@CVEnew
29 Nov 2024
380 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11992: CRITICAL] Quick.CMS 6.7 has a serious path traversal flaw in admin.php allowing remote users to download files beyond documentroot. Lack of input verification may also lead to file deletion.#cybersecurity,#vulnerability https://t.co/W45c3VPtlL https://t.co/Pyw4uj
@CveFindCom
29 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes