Common Weakness Enumeration

CWE-23

Allowed

Relative Path Traversal

Abstraction: Base · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

778 vulnerabilities reference this CWE, most recent first.

CVE-2024-6583 (GCVE-0-2024-6583)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-03-20 18:22
VLAI
Title
Path Traversal in stangirard/quivr
Summary
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
stangirard stangirard/quivr Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6583",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:48:52.798616Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:22:17.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stangirard/quivr",
          "vendor": "stangirard",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:10:23.071Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/c310b500-ec26-4121-8d3a-8e863181346f"
        }
      ],
      "source": {
        "advisory": "c310b500-ec26-4121-8d3a-8e863181346f",
        "discovery": "EXTERNAL"
      },
      "title": "Path Traversal in stangirard/quivr"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6583",
    "datePublished": "2025-03-20T10:10:23.071Z",
    "dateReserved": "2024-07-08T20:55:27.506Z",
    "dateUpdated": "2025-03-20T18:22:17.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6483 (GCVE-0-2024-6483)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-03-20 18:37
VLAI
Title
Arbitrary File/Directory Deletion in aimhubio/aim
Summary
A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
aimhubio aimhubio/aim Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6483",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:53:32.121593Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:37:01.937Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aimhubio/aim",
          "vendor": "aimhubio",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:09:36.384Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/dc45d480-e579-4af4-8603-c52ecfd5e363"
        }
      ],
      "source": {
        "advisory": "dc45d480-e579-4af4-8603-c52ecfd5e363",
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary File/Directory Deletion in aimhubio/aim"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6483",
    "datePublished": "2025-03-20T10:09:36.384Z",
    "dateReserved": "2024-07-03T16:10:39.566Z",
    "dateUpdated": "2025-03-20T18:37:01.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6433 (GCVE-0-2024-6433)

Vulnerability from cvelistv5 – Published: 2024-07-10 00:00 – Updated: 2024-08-01 21:41
VLAI
Title
Local File Inclusion in stitionai/devika
Summary
The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path parameter.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
stitionai stitionai/devika Affected: unspecified , < - (custom)
Create a notification for this product.
stitionai devika Affected: 0
    cpe:2.3:a:stitionai:devika:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stitionai:devika:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "devika",
            "vendor": "stitionai",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6433",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T18:49:14.790174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T18:50:35.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/7d0463dd-6373-4eb8-86fc-beac0a1391a5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stitionai/devika",
          "vendor": "stitionai",
          "versions": [
            {
              "lessThan": "-",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T07:42:00.964Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/7d0463dd-6373-4eb8-86fc-beac0a1391a5"
        }
      ],
      "source": {
        "advisory": "7d0463dd-6373-4eb8-86fc-beac0a1391a5",
        "discovery": "EXTERNAL"
      },
      "title": "Local File Inclusion in stitionai/devika"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6433",
    "datePublished": "2024-07-10T00:00:14.507Z",
    "dateReserved": "2024-07-01T17:09:45.428Z",
    "dateUpdated": "2024-08-01T21:41:03.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5547 (GCVE-0-2024-5547)

Vulnerability from cvelistv5 – Published: 2024-06-27 17:33 – Updated: 2024-08-01 21:18
VLAI
Title
Directory Traversal in stitionai/devika
Summary
A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'project_name' parameter in the download_project_pdf function. Attackers can exploit this flaw by manipulating the 'project_name' parameter in a GET request to traverse the directory structure and download arbitrary PDF files from the system. This issue allows attackers to access sensitive information that could be stored in PDF format outside the intended directory.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
stitionai stitionai/devika Affected: unspecified , < - (custom)
Create a notification for this product.
stitionai devika Affected: 0 , < * (custom)
    cpe:2.3:a:stitionai:devika:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stitionai:devika:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "devika",
            "vendor": "stitionai",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5547",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T20:32:24.866968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T14:15:03.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/7ea0eb5f-7643-4452-bc93-a225e2090283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stitionai/devika",
          "vendor": "stitionai",
          "versions": [
            {
              "lessThan": "-",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the \u0027project_name\u0027 parameter in the download_project_pdf function. Attackers can exploit this flaw by manipulating the \u0027project_name\u0027 parameter in a GET request to traverse the directory structure and download arbitrary PDF files from the system. This issue allows attackers to access sensitive information that could be stored in PDF format outside the intended directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T07:41:27.139Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/7ea0eb5f-7643-4452-bc93-a225e2090283"
        },
        {
          "url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2"
        }
      ],
      "source": {
        "advisory": "7ea0eb5f-7643-4452-bc93-a225e2090283",
        "discovery": "EXTERNAL"
      },
      "title": "Directory Traversal in stitionai/devika"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-5547",
    "datePublished": "2024-06-27T17:33:35.488Z",
    "dateReserved": "2024-05-30T19:10:14.492Z",
    "dateUpdated": "2024-08-01T21:18:06.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4330 (GCVE-0-2024-4330)

Vulnerability from cvelistv5 – Published: 2024-05-30 14:43 – Updated: 2024-08-01 20:40
VLAI
Title
Path Traversal in parisneo/lollms-webui
Summary
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
parisneo parisneo/lollms-webui Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
parisneo lollms-webui Affected: 0 , ≤ 9.6 (custom)
    cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lollms-webui",
            "vendor": "parisneo",
            "versions": [
              {
                "lessThanOrEqual": "9.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4330",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T18:42:17.703046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:42:04.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:46.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms-webui",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the \u0027list_personalities\u0027 endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the \u0027category\u0027 parameter to access arbitrary directories. The vulnerability is present in the code located at the \u0027endpoints/lollms_advanced.py\u0027 file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T14:43:40.842Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/154a78d5-3960-4fc6-8666-f982b5e70ed7"
        }
      ],
      "source": {
        "advisory": "154a78d5-3960-4fc6-8666-f982b5e70ed7",
        "discovery": "EXTERNAL"
      },
      "title": "Path Traversal in parisneo/lollms-webui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-4330",
    "datePublished": "2024-05-30T14:43:40.842Z",
    "dateReserved": "2024-04-29T20:38:41.247Z",
    "dateUpdated": "2024-08-01T20:40:46.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3497 (GCVE-0-2024-3497)

Vulnerability from cvelistv5 – Published: 2024-06-14 04:17 – Updated: 2024-08-01 20:12
VLAI
Title
Directory Traversal Remote Code Execution Vulnerability
Summary
Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
Toshiba Tec Corporation Toshiba Tec e-Studio multi-function peripheral (MFP) Affected: see the reference URL
Create a notification for this product.
toshibatec e-studio-2521_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2020_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2520_nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2021_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3025_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3028-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6526-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-9029-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-330-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-400-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2010-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2110-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2510-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2610-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3115-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4515_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4615_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5015_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5115_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2518_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2618_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-14 02:00
Credits
We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2521_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2020_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2520_nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2021_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3025_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3028-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6526-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-9029-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-330-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-400-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2010-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2110-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2510-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2610-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3115-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4515_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4615_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5015_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5115_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2518_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2618_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3497",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:45:32.781620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T19:56:02.352Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240531_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the reference URL"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If user authentication is disabled.\u003cbr\u003e"
            }
          ],
          "value": "If user authentication is disabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products."
        }
      ],
      "datePublic": "2024-06-14T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL."
            }
          ],
          "value": "Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We are not aware of any malicious exploitation by these vulnerabilities.\u003cbr\u003e"
            }
          ],
          "value": "We are not aware of any malicious exploitation by these vulnerabilities."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T04:17:56.164Z",
        "orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
        "shortName": "Toshiba"
      },
      "references": [
        {
          "url": "https://www.toshibatec.com/information/20240531_01.html"
        },
        {
          "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-14T02:00:00.000Z",
          "value": "Fixes will be released"
        }
      ],
      "title": "Directory Traversal Remote Code Execution Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.\u003cbr\u003e"
            }
          ],
          "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
    "assignerShortName": "Toshiba",
    "cveId": "CVE-2024-3497",
    "datePublished": "2024-06-14T04:17:56.164Z",
    "dateReserved": "2024-04-09T00:59:38.974Z",
    "dateUpdated": "2024-08-01T20:12:07.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3122 (GCVE-0-2024-3122)

Vulnerability from cvelistv5 – Published: 2024-07-01 02:39 – Updated: 2024-08-01 19:32
VLAI
Title
CHANGING Mobile One Time Password - Arbitrary File Reading
Summary
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
Vendor Product Version
CHANGING Mobile One Time Password Affected: earlier , ≤ 3.11.2 (custom)
Create a notification for this product.
Date Public
2024-07-01 02:38
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T13:16:57.518916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T13:17:07.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mobile One Time Password",
          "vendor": "CHANGING",
          "versions": [
            {
              "lessThanOrEqual": "3.11.2",
              "status": "affected",
              "version": "earlier",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-07-01T02:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
            }
          ],
          "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-139",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-139 Relative Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T02:39:14.560Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
        }
      ],
      "source": {
        "advisory": "TVN-202407001",
        "discovery": "EXTERNAL"
      },
      "title": "CHANGING Mobile One Time Password - Arbitrary File Reading",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-3122",
    "datePublished": "2024-07-01T02:39:14.560Z",
    "dateReserved": "2024-04-01T02:01:30.133Z",
    "dateUpdated": "2024-08-01T19:32:42.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3025 (GCVE-0-2024-3025)

Vulnerability from cvelistv5 – Published: 2024-04-10 17:07 – Updated: 2024-08-01 19:32
VLAI
Title
Path Traversal in mintplex-labs/anything-llm
Summary
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 1.0.0 (custom)
Create a notification for this product.
mintplex-labs mintplex-labs\/anything-llm Affected: 0 , < 1.0.0 (custom)
    cpe:2.3:a:mintplex-labs:mintplex-labs\/anything-llm:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mintplex-labs:mintplex-labs\\/anything-llm:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mintplex-labs\\/anything-llm",
            "vendor": "mintplex-labs",
            "versions": [
              {
                "lessThan": "1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3025",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T14:42:25.912733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T18:04:34.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mintplex-labs/anything-llm",
          "vendor": "mintplex-labs",
          "versions": [
            {
              "lessThan": "1.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application\u0027s database."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-16T11:10:20.884Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b"
        },
        {
          "url": "https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce"
        }
      ],
      "source": {
        "advisory": "fb09a352-1016-4481-ae88-7460e2b6062b",
        "discovery": "EXTERNAL"
      },
      "title": "Path Traversal in mintplex-labs/anything-llm"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-3025",
    "datePublished": "2024-04-10T17:07:52.626Z",
    "dateReserved": "2024-03-27T18:53:48.186Z",
    "dateUpdated": "2024-08-01T19:32:42.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2461 (GCVE-0-2024-2461)

Vulnerability from cvelistv5 – Published: 2024-06-11 12:57 – Updated: 2024-08-01 19:11
VLAI
Summary
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-23 - Relative Path Traversal
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOX61x Affected: 0 , ≤ FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02) (custom)
Unaffected: FOX61x R16B Revision G, version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) (custom)
Affected: FOX61x R15B (custom)
Unaffected: FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)
Affected: FOX61x R16A
Affected: FOX61x R15A
Create a notification for this product.
Hitachi Energy XMC20 Affected: 0 , ≤ XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) (custom)
Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
Affected: XMC20 R15B (custom)
Unaffected: XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) (custom)
Affected: XMC20 R16A (custom)
Affected: XMC20 R15A (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T13:58:39.472974Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T13:58:58.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOX61x",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "FOX61x R16B Revision E (cesm3_r16b04_02,  cesne_r16b04_02 and  f10ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61x R16B Revision G, version (cesm3_r16b04_07,  cesne_r16b04_07, f10ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOX61x R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOX61X R16B Revision G,  (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07)"
            },
            {
              "status": "affected",
              "version": "FOX61x R16A"
            },
            {
              "status": "affected",
              "version": "FOX61x R15A"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XMC20",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "XMC20 R16B Revision C (cent2_r16b04_02,  co5ne_r16b04_02)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version  (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15B",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07)",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R16A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "XMC20 R15A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nIf exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible\n\n"
            }
          ],
          "value": "If exploited an attacker could traverse the file system to access \nfiles or directories that would otherwise be inaccessible"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T12:57:04.498Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000202\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2461",
    "datePublished": "2024-06-11T12:57:04.498Z",
    "dateReserved": "2024-03-14T17:09:59.168Z",
    "dateUpdated": "2024-08-01T19:11:53.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2318 (GCVE-0-2024-2318)

Vulnerability from cvelistv5 – Published: 2024-03-08 13:00 – Updated: 2025-06-10 07:28
VLAI
Title
ZKTeco ZKBio Media Service Port 9999 download path traversal
Summary
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-24 - Path Traversal: '../filedir'
  • CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
Vendor Product Version
ZKTeco ZKBio Media Affected: 2.0.0_x64_2024-01-29-1028
Create a notification for this product.
zkteco zkbio_media Affected: 2.0.0
    cpe:2.3:a:zkteco:zkbio_media:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Hussein Amer (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-256272 | ZKTeco ZKBio Media Service Port 9999 download path traversal",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.256272"
          },
          {
            "name": "VDB-256272 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.256272"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zkteco:zkbio_media:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zkbio_media",
            "vendor": "zkteco",
            "versions": [
              {
                "status": "affected",
                "version": "2.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2318",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T15:47:33.199046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T18:57:24.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Service Port 9999"
          ],
          "product": "ZKBio Media",
          "vendor": "ZKTeco",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0_x64_2024-01-29-1028"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Hussein Amer (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: \u0027../filedir\u0027. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /pro/common/download der Komponente Service Port 9999. Mittels dem Manipulieren des Arguments fileName mit der Eingabe ../../../../zkbio_media.sql mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.1.3 Build 2025-05-26-1605 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T07:28:04.921Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-256272 | ZKTeco ZKBio Media Service Port 9999 download path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.256272"
        },
        {
          "name": "VDB-256272 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.256272"
        },
        {
          "name": "Submit #288530 | zkteco zkbio media V2.0.0_x64_2024-01-29-1028 Path Traversal Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.288530"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.zkteco.com/en/Security_Bulletinsibs/11"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-08T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2024-03-08T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-06-10T09:32:46.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ZKTeco ZKBio Media Service Port 9999 download path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2318",
    "datePublished": "2024-03-08T13:00:07.918Z",
    "dateReserved": "2024-03-08T06:48:01.928Z",
    "dateUpdated": "2025-06-10T07:28:04.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20.1
Implementation

Strategy: Input Validation

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
  • Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
  • realpath() in C
  • getCanonicalPath() in Java
  • GetFullPath() in ASP.NET
  • realpath() or abs_path() in Perl
  • realpath() in PHP
Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-139: Relative Path Traversal

An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.