CVE-2024-54452 – Kurmi Provisioning Suite Directory Traversal and Local File Inclusion Vulnerability

12月 27, 2024
9:16 pm

CVE ID : CVE-2024-54452

Published : Dec. 27, 2024, 8:15 p.m. | 1 hour, 1 minute ago

Description : An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-54452 – Kurmi Provisioning Suite Directory Traversal and Local File Inclusion Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12991 – DBShop全球商城系統 Cross-Site Scripting Vulnerability

CVE-2024-39025 – Cpacker MemGPT Unauthenticated Data Access Vulnerability

CVE-2024-54450 – Kurmi Provisioning Suite Reflected IP Address Spoofing

CVE-2024-54451 – Kurmi Provisioning Suite XSS Locator Vulnerability