SecuriTricks - CVE-2024-8410

Description

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Product(s) Impacted

Vendor	Product	Versions
Abcd-community	Abcd	2.2.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	abcd-community	abcd	2.2.0	alpha	/	/	/	/	/	/
a	abcd-community	abcd	2.2.0	beta0	/	/	/	/	/	/

References

https://github.com/peritocibernetico/ABCD_Vulnerabilities

https://vuldb.com/?ctiid.276490

https://vuldb.com/?id.276490

https://vuldb.com/?submit.398806

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

View Vector String

Timeline

Published: Sept. 4, 2024, 3:15 p.m.
Last Modified: Sept. 5, 2024, 2:20 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

cna@vuldb.com

CVE-2024-8410