admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-25975.md
0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37
2024-06-22 09:37:59 +00:00

19 lines
980 B
Markdown
Raw Blame History

### [CVE-2024-25975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25975)
![](https://img.shields.io/static/v1?label=Product&message=HAWKI&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen)
### Description
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).
### POC
#### Reference
- http://seclists.org/fulldisclosure/2024/May/34
- https://r.sec-consult.com/hawki
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink