admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-112xx/CVE-2024-11215.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

60 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-11215",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-11-14T14:15:18.367",
"lastModified": "2024-11-15T13:58:08.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings \u2018/...%5c\u2019."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal absoluto (restricci\u00f3n incorrecta de una ruta a un directorio restringido) en el servidor web EasyPHP, que afecta a la versi\u00f3n 14.1. Esta vulnerabilidad podr\u00eda permitir a usuarios remotos eludir las restricciones de SecurityManager y recuperar cualquier archivo almacenado en el servidor estableciendo \u00fanicamente cadenas consecutivas '/...%5c'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-easyphp",
"source": "cve-coordination@incibe.es"
}
]
}
Reference in New Issue View Git Blame Copy Permalink