- Description
- An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score
- Not currently trending
CVE-2024-54452 An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the … https://t.co/wKkKg6BxWr
@CVEnew
28 Dec 2024
514 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54452 Directory Traversal & File Inclusion in Kurmi Provisioning Suite A problem was found in Kurmi Provisioning Suite versions before 7.9.0.35 and 7.10.x to 7.10.0.18. There is a Directory Traversal and... https://t.co/rhvm0lXxNk
@VulmonFeeds
27 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes