{
  "id": "CVE-2024-25006",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-29T01:44:14.417",
  "lastModified": "2024-02-29T13:49:29.390",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import."
    },
    {
      "lang": "es",
      "value": "XenForo anterior a 2.2.14 permite el Directory Traversal (con acceso de escritura) por parte de un usuario autenticado que tiene permisos para administrar estilos y utiliza un archivo ZIP para importar estilos."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://xenforo.com/docs/xf2/permissions/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728",
      "source": "cve@mitre.org"
    }
  ]
}