CVE-2024-11992
CVSS V2 None
CVSS V3 None
Description
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.
Overview
- CVE ID
- CVE-2024-11992
- Assigner
- INCIBE
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-29T13:06:30.404Z
- Last Modified Date
- 2024-11-29T13:24:05.020Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-quickcms |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-11992 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11992 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-30 13:13:33 | Added to TrackCVE |